Fedora crypto consolidation
Nicolas.Williams at sun.com
Tue Mar 25 22:28:54 EDT 2008
On Tue, Mar 25, 2008 at 10:11:04PM -0400, Sam Hartman wrote:
> >>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
> Nicolas> I don't know for sure, but we might prefer to donate that
> Nicolas> code (i.e., under the MIT license, rather than the CDDL)
> Nicolas> so as to preserve our investment.
> If we could find a way to accept the code and preserve the ABI, I
> think that would be very interesting.
I'll send the Solaris krb5 team a heads up. I'm sure they'll prefer to
preserve our investment by donating the code.
As for preserving the ABI, our code doesn't do that since we had no ABI
to preserve at the time, but as I said, I believe this can be
Specifically I'm thinking of doing a kg-like krb5_keyblock registration
scheme: if you use the allocator then the extended keyblock will be
easily available where needed, else you'll need to compute it every time
(or perhaps hash a cache on the actual key octets). This will mean
small changes in many places, but it should preserve the ABI.
More information about the krbdev