In message <87lncixv5y.fsf@redmail.redback.com>, Chris wrote:

-> Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
-> >   Things in cryptosrc, i.e. ISAKMP implementations [pluto (aka dwightd) or
-> > racoond] that one might to distribute in binary form and permit people who
-> > can run RSA to just drop in the library. 
-> >   I agree that the ./configure is a problem, but i'm think it can be 
-> > solved.
-> 
-> Right, sure, it's fairly obvious why you'd want to have a standard API
-> and/or a standard set of functions in a known library.
-> 
-> In a nutshell, all you suggested was having a shared library that may
-> contain just some stubs that abort (or whatever).  I don't see how
-> that helps solve any problem in any significant way.  Please clue me
-> in...  8-)

Please note that "crypto hooks" (crypto-in-the-hole or whatever BXA calls
it) are just as export controlled as the crypto itself (I'm sure you all
knew that, but from Michael's message, it wasn't clear that he intended
this as a workaround for lack of certain pieces of crypto code in the
NetBSD tree or as a general export workaround).

--rafal

----
Rafal Boni                                                  rafal@mediaone.net