Re: OpenSSH 2.1
> But I'm suddenly confused what you're actually talking about here: OpenSSH, OpenSSL, or RSAREF. OpenSSH has never included crypto code, but it's useless without OpenSSL which quite certainly does. OpenSSH no longer requires RSAREF to operate (if you've got clients/servers willing to do DSA SSH2), which is the "non-free" component I was talking about.

OK, if OpenSSL still contains crypto then "never mind"; I thought OpenSSL used *only* RSA and it used it through the RSAstubs code, making it "OK."

> today as well (after you've checked and got that legal advice I've been bugging you about :)

I'm working on the legal advice; a firm has been retained and consulted. Some paperwork needs to be done in order to get FreeBSD an export permit and I'm still working on figuring out if this will be an ongoing issue or we can just do it once.

- Jordan

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: OpenSSH 2.1
speaking of which, I presume that OpenSSH 2.1 is being merged into Internat by kindly overworked developer types at the moment?

On Tue, May 16, 2000 at 10:06:09AM -0700, David O'Brien wrote:

> Even so, moving SSH into the bindist would be one less thing that has to be merged into Internat all the time.
>
> --
> -- David([EMAIL PROTECTED])

--
Mark Blackman, Internet Systems Administrator, Sophos Anti-Virus
e-mail: [EMAIL PROTECTED] http://www.sophos.com
US Support: +1 888 SOPHOS 9
UK Support: +44 1235 559933
Re: OpenSSH 2.1
On Wed, 17 May 2000, Jordan K. Hubbard wrote:

> OK, if OpenSSL still contains crypto then "never mind"; I thought OpenSSL used *only* RSA and it used it through the RSAstubs code, making it "OK."

OpenSSL is a general-purpose cryptography toolkit which includes such goodies as Blowfish, CAST, DES, Diffie-Hellman, DSA, RC[245], and..oh yes, RSA :-)

> > today as well (after you've checked and got that legal advice I've been bugging you about :)
>
> I'm working on the legal advice; a firm has been retained and consulted. Some paperwork needs to be done in order to get FreeBSD an export permit and I'm still working on figuring out if this will be an ongoing issue or we can just do it once.

Whee! Great news!

Once you get the legal issues sorted out, we can finally merge the internat and freefall crypto repositories so there's just one source of crypto. I think the only (legitimate) difference between the two is a single file, rsa_eay.c, which contains the actual RSA crypto on internat. We can put that into its own cvsup collection (cvs-crypto-rsa) which won't be installed by default (and won't build anyway for USA_RESIDENT=="YES"), and which mirrors don't have to replicate. I think that should take care of all of the legal issues.

Kris

In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe [EMAIL PROTECTED]
Re: OpenSSH 2.1
On Wed, 17 May 2000, Mark Blackman wrote:

> speaking of which, I presume that OpenSSH 2.1 is being merged into Internat by kindly overworked developer types at the moment?

I think Peter Wemm has already finished.

Kris

In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe [EMAIL PROTECTED]
Re: OpenSSH 2.1
> Err, well it still requires openssl, which I think is firmly rooted in the crypto distribution as long as we have one.

Is it? I thought the RSAref code being pluggable gave it some protection, or is merely "pluggability" also classified as crypto? I do recall someone saying something to that effect once...

- Jordan
Re: OpenSSH 2.1
On Mon, May 15, 2000 at 09:54:52PM -0700, Kris Kennaway wrote:

> Err, well it still requires openssl, which I think is firmly rooted in the crypto distribution as long as we have one.

Even so, moving SSH into the bindist would be one less thing that has to be merged into Internat all the time.

--
-- David([EMAIL PROTECTED])
Re: OpenSSH 2.1
On Mon, 15 May 2000, Jordan K. Hubbard wrote:

> > Err, well it still requires openssl, which I think is firmly rooted in the crypto distribution as long as we have one.
>
> Is it? I thought the RSAref code being pluggable gave it some protection, or is merely "pluggability" also classified as crypto? I do recall someone saying something to that effect once...

It used to be enough.

But I'm suddenly confused what you're actually talking about here: OpenSSH, OpenSSL, or RSAREF. OpenSSH has never included crypto code, but it's useless without OpenSSL which quite certainly does. OpenSSH no longer requires RSAREF to operate (if you've got clients/servers willing to do DSA SSH2), which is the "non-free" component I was talking about.

OTOH, if you're talking about being able to unify the freefall and internat CVS repositories wrt OpenSSH, we could also probably do this today as well (after you've checked and got that legal advice I've been bugging you about :)

OTGH, what *were* you talking about? :-)

Kris

In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe [EMAIL PROTECTED]
Re: OpenSSH 2.1
> * No longer a dependency on RSA (and therefore rsaref for US folks): SSH2 can handle DSA keys which have no patent or usage restrictions. This means we could now enable SSH2 out of the box in a crypto installation, with no post-installation configuration requirements. We now have a truly free SSH client/server!

I wonder if we even have to have it be part of the crypto distribution in such an event. I always thought it would have been nice if it could have come with the bindist, and if it doesn't have any "crypto" dependencies or bits which explicitly *require* its continued segregation into the crypto dist, maybe we could move it over?

- Jordan
Re: OpenSSH 2.1
On Mon, 15 May 2000, Jordan K. Hubbard wrote:

> I wonder if we even have to have it be part of the crypto distribution in such an event. I always thought it would have been nice if it could have come with the bindist, and if it doesn't have any "crypto" dependencies or bits which explicitly *require* its continued segregation into the crypto dist, maybe we could move it over?

Err, well it still requires openssl, which I think is firmly rooted in the crypto distribution as long as we have one.

Kris

In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe [EMAIL PROTECTED]
Re: OpenSSH 2.1
On Sun, 14 May 2000 22:52:11 MST, Kris Kennaway wrote:

> * Kerberos support is also limited to SSH1.

Presumably this is still Heimdal Kerberos support, without MIT interoperability?

Ciao,
Sheldon.