Alternate Open Source Crypto Solution in OpenSSH

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 5 14:32:26 AEDT 2016


On Mon 2016-01-04 22:23:31 -0500, Damien Miller wrote:
> On Mon, 4 Jan 2016, Daniel Kahn Gillmor wrote:
>
>> Damien, you said you're uninterested in linking to a GPL library -- is
>> OpenSSH policy the same for LGPL libraries as well? (i'm thinking of
>> nettle, which is licensed LGPL-2.1+, and has a very nice API for
>> cryptoprimitives)
>
> I'd like to get us to a point where all the crypto stuff happens
> via a handful of files that implement a simple API that is backed up
> with a good suite of tests from the OpenSSH side.

That would be great to have.  If you make it a sane non-SSH-specific API
with a good suite of independent tests, i can imagine cryptoprimitive
libraries organizing themselves to support it directly (so that they can
be "OpenSSH-compatible"), which would be a win for everyone as well as a
tempting place to add more good tests in the future.

> Speaking only for myself, I don't really want to do any library-
> specific porting until then.

Understood, thanks.

Regards,

    --dkg


More information about the openssh-unix-dev mailing list