OpenPGP auth
sen_ml at eccosys.com
Wed Aug 2 10:59:57 EST 2000
From: Chip Christian <chip at princetonecom.com>
Subject: Re: OpenPGP auth
Date: Tue, 01 Aug 2000 10:42:14 -0400
Message-ID: <20000801144214.27586B47B at fleck.princetonecom.com>
> Werner Koch is definitely not working on a library. I don't have a direct
> quote handy, but I recall him saying he wouldn't since he couldn't know
> what the library's user is doing with memory. I did find this response on
> the topic:
>
> > No. Use the Unix way. The overhead of fork and exec is not that high
> > compared to the crypto operations. Have a look at your MTA, it is
> > calling procmail (when used) for each message. The httpd calls a CGI
> > on every transaction.

yes, i remember that post.

if i dug enough, i could also find a later post from him saying that
it would be really nice to have an openpgp packet manipulation library
too ;-)

it'd be nice to have openpgp auth in openssh, but i don't suppose the
priority is that high. i suppose not having it forces people to use
different authentication tokens/info (if you had openpgp auth, you'd
probably be at least tempted to use the same key pairs for mail and
for ssh authentication) which might actually be a better thing
security-wise (cf. the all-mighty card system discussion at mit a few
years back).

More information about the openssh-unix-dev mailing list