Rich Salz wrote: > > > The problem with that idea is it is incompatible with all the other > > functions in OpenSSL. The functions that clash in Kerberos are all > > (there aren't many) static, so there aren't actually many ramifications > > to changing them in Kerberos. > > Are you saying that if I want to install openssl on a Kerberos-enabled > host, I will now have to edit and recompile by Kerberos sources? If so, > I think that it an unacceptable barrier to openssl deployment, > particularly when the primary counter-argument is "we don't like the > function names we'd use" :)
Well, that's a good point, of course. So, I guess we have to think again about the function names, particularly since it introduces a very nasty clash between Kerberos IV and Kerberos V, I have now discovered. OTOH, the change to the DES function interface causes problems anyway - so unless we make back-compatibility the default, you are going to have to edit the source whatever (if you want to rebuild Kerberos). Double-OTOH, we seem to end up having to change interfaces almost every release, so I'm not sure why this case is different? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]