Subject: Re: what to put into cryptosrc-intl tree
To: Michael C. Richardson <email@example.com>
From: Sheila and.. <firstname.lastname@example.org>
Date: 06/22/1999 20:56:23
I am usually a lurker here,but your notes have caused me to decloak.
Michael C. Richardson wrote:
> Please see my previous post for background.
> This is my idea:
> 1. openssl
> a) This gets us basic cryptography routines: DES, 3DES, IDEA, CAST,
> RSA, DSS, DH. We should have a libdes.a, and libcrypto.a.
> b) Also gets us ASN.1 and X.509 routines. We should have a libasn1.a
> c) some basic PKIX CA routines. We should have the tools from
> OpenSSL. We probably put them in /usr/bin.
To me, my opinion, this is a great idea. I have looked at the code and
I think (not that my opinion counts) that it is rather good. I like it.
> 2. we import KAME IPsec. It appears that there is movement towards using
> KAME as a route toward unified ipv6, and there is desire to do
> this for 1.5.
By import, do you mean to a US site or to a CA site? The US laws are a
little funky on import and then attempting to export.
> 3. I'd like to see an SSLtelnet/d imported.
Yes, great idea but same proviso as 2.
> 4. kerberos IV (eBones)
> I think there will likely be an increasing amount of NetBSD original
> code that would wind up there. I can see the following:
> -digital signature version of mtree
> -digitally signed trusted binaries
> -capability based stuff replacing some suid functionality
I like this proposal very much. I think it provides me, as a user, lots
of good, solid, foundations for securing my transactions. Thank you for
> :!mcr!: | Cow#1: Are you worried about getting Mad Cow Disease?
> Michael Richardson | Cow#2: No. I'm a duck.
> Home: email@example.com. PGP key available.