OpenPGP auth

sen_ml at eccosys.com
Wed Aug 2 10:59:57 EST 2000


From: Chip Christian <chip at princetonecom.com>
Subject: Re: OpenPGP auth 
Date: Tue, 01 Aug 2000 10:42:14 -0400
Message-ID: <20000801144214.27586B47B at fleck.princetonecom.com>

> Werner Koch is definitely not working on a library.  I don't have a direct 
> quote handy, but I recall him saying he wouldn't since he couldn't know 
> what the library's user is doing with memory.  I did find this response on 
> the topic:
> 
> > No.  Use the Unix way.  The overhead of fork and exec is not that high
> > compared to the crypto operations.  Have a look at your MTA, it is
> > calling procmail (when used) for each message.  The httpd calls a CGI
> > on every transaction.

yes, i remember that post.  

if i dug enough, i could also find a later post from him saying that
it would be really nice to have an openpgp packet manipulation library
too ;-)

it'd be nice to have openpgp auth in openssh, but i don't suppose the
priority is that high.  i suppose not having it forces people to use
different authentication tokens/info (if you had openpgp auth, you'd
probably be at least tempted to use the same key pairs for mail and
for ssh authentication) which might actually be a better thing
security-wise (cf. the all-mighty card system discussion at mit a few
years back).





More information about the openssh-unix-dev mailing list