<div dir="ltr">Can libsodium upstream take a pull request that adds the hash functions that we need?</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Jan 27, 2017 at 7:40 AM Eric S. Raymond <<a href="mailto:esr@thyrsus.com">esr@thyrsus.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hal Murray <<a href="mailto:hmurray@megapathdsl.net" class="gmail_msg" target="_blank">hmurray@megapathdsl.net</a>>:<br class="gmail_msg">
> We currently have 2 and 1/4 crypto packages. That seems like the sort of<br class="gmail_msg">
> things you like to clean up.<br class="gmail_msg">
<br class="gmail_msg">
Yes.<br class="gmail_msg">
<br class="gmail_msg">
> I would have said we have 2 1/2, but somebody deleted half of the 1/2. I<br class="gmail_msg">
> assume that was part of the --enable-crypto cleanup. There used to be<br class="gmail_msg">
> routines in libisc for MD5 and SHA1. md5.c is gone, but sha1.c is still<br class="gmail_msg">
> there. There are also 2 header files in libisc/include/isc/: md5.h and sha1.h<br class="gmail_msg">
<br class="gmail_msg">
md5.c isn't gone, it's in libntp.c. It's clearly the ISC code, so somebody<br class="gmail_msg">
moved it there. Might have been me, though I do not remember doing this.<br class="gmail_msg">
<br class="gmail_msg">
> We need sodium and OpenSSL. I don't know much about either, but 2 seems like<br class="gmail_msg">
> the wrong number. Do we really need both? If so, why? I think we should<br class="gmail_msg">
> have a paragraph someplace explaining why etc.<br class="gmail_msg">
<br class="gmail_msg">
It depends on which MAC algorithms we want to support, a question I've opened<br class="gmail_msg">
in a recent email. It looks like libsodium's support for hash functions in<br class="gmail_msg">
our set is limited to SHA-2, so libsodium can't replace OpenSSL.<br class="gmail_msg">
<br class="gmail_msg">
> We also need pointers to the documentation. I think I'd vote for a web page<br class="gmail_msg">
> on our main web site with links to documentation for C99, POSIX, and all the<br class="gmail_msg">
> packages we need.<br class="gmail_msg">
<br class="gmail_msg">
I am *strongly* against creating a separate web page for this. I like<br class="gmail_msg">
a single point of truth, and I write all our internal docs (including<br class="gmail_msg">
INSTALL) in asciidoc exactly so they can be rendered to HTML and exposed<br class="gmail_msg">
on the website when we deem it useful.<br class="gmail_msg">
<br class="gmail_msg">
Therefore, no, not a separate web page. Instead, I request that the<br class="gmail_msg">
infrastructure crew provide us with a facility to expose, as HTML on<br class="gmail_msg">
the website, selected asciidoc pages that are *not* under docs/.<br class="gmail_msg">
<br class="gmail_msg">
Then, INSTALL can be first on that list.<br class="gmail_msg">
--<br class="gmail_msg">
<a href="<a href="http://www.catb.org/~esr/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.catb.org/~esr/</a>">Eric S. Raymond</a><br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
devel mailing list<br class="gmail_msg">
<a href="mailto:devel@ntpsec.org" class="gmail_msg" target="_blank">devel@ntpsec.org</a><br class="gmail_msg">
<a href="http://lists.ntpsec.org/mailman/listinfo/devel" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.ntpsec.org/mailman/listinfo/devel</a><br class="gmail_msg">
</blockquote></div>