Rich Salz wrote:
> 
> > The problem with that idea is it is incompatible with all the other
> > functions in OpenSSL. The functions that clash in Kerberos are all
> > (there aren't many) static, so there aren't actually many ramifications
> > to changing them in Kerberos.
> 
> Are you saying that if I want to install openssl on a Kerberos-enabled
> host, I will now have to edit and recompile by Kerberos sources?  If so,
> I think that it an unacceptable barrier to openssl deployment,
> particularly when the primary counter-argument is "we don't like the
> function names we'd use" :)

Well, that's a good point, of course. So, I guess we have to think again
about the function names, particularly since it introduces a very nasty
clash between Kerberos IV and Kerberos V, I have now discovered.

OTOH, the change to the DES function interface causes problems anyway -
so unless we make back-compatibility the default, you are going to have
to edit the source whatever (if you want to rebuild Kerberos).

Double-OTOH, we seem to end up having to change interfaces almost every
release, so I'm not sure why this case is different?

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to