I am usually a lurker here,but your notes have caused me to decloak.

Michael C. Richardson wrote:
> 
>   Please see my previous post for background.
> 
>   This is my idea:
> 
> 1. openssl
>         a) This gets us basic cryptography routines: DES, 3DES, IDEA, CAST,
>                 RSA, DSS, DH. We should have a libdes.a, and libcrypto.a.
>         b) Also gets us ASN.1 and X.509 routines. We should have a libasn1.a
>         c) some basic PKIX CA routines. We should have the tools from
>                 OpenSSL. We probably put them in /usr/bin.
To me, my opinion, this is a great idea.  I have looked at the code and
I think (not that my opinion counts) that it is rather good.  I like it.
> 
> 2. we import KAME IPsec. It appears that there is movement towards using
>         KAME as a route toward unified ipv6, and there is desire to do
>         this for 1.5.
By import, do you mean to a US site or to a CA site?  The US laws are a
little funky on import and then attempting to export.
> 
> 3. I'd like to see an SSLtelnet/d imported.
Yes, great idea but same proviso as 2.

> 4. kerberos IV (eBones)
Even better,! 
> 
>   I think there will likely be an increasing amount of NetBSD original
> code that would wind up there. I can see the following:
>         -digital signature version of mtree
>         -digitally signed trusted binaries
>         -capability based stuff replacing some suid functionality
Yes!!!!
I like this proposal very much.  I think it provides me, as a user, lots
of good, solid, foundations for securing my transactions.  Thank you for
proposing this!!
v/r
bob

> 
>    :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
>    Michael Richardson |  Cow#2: No. I'm a duck.
>  Home: mcr@sandelman.ottawa.on.ca. PGP key available.
> 
> 
> 
>