Subject: what to put into cryptosrc-intl tree
To: None <>
From: Michael C. Richardson <>
List: tech-security
Date: 06/22/1999 20:52:52
  Please see my previous post for background.

  This is my idea:

1. openssl
	a) This gets us basic cryptography routines: DES, 3DES, IDEA, CAST,
		RSA, DSS, DH. We should have a libdes.a, and libcrypto.a.
	b) Also gets us ASN.1 and X.509 routines. We should have a libasn1.a
	c) some basic PKIX CA routines. We should have the tools from
		OpenSSL. We probably put them in /usr/bin.

2. we import KAME IPsec. It appears that there is movement towards using
	KAME as a route toward unified ipv6, and there is desire to do
	this for 1.5. 

3. I'd like to see an SSLtelnet/d imported.
4. kerberos IV (eBones)

  I think there will likely be an increasing amount of NetBSD original
code that would wind up there. I can see the following:
	-digital signature version of mtree
	-digitally signed trusted binaries
	-capability based stuff replacing some suid functionality

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: PGP key available.