Re: Will NFSv4 be accepted?

[Roger Luethi <rl@hellgate.ch>]

On Thu, 15 Aug 2002 10:35:40 -0700, Linus Torvalds wrote:
> 
> On Wed, 14 Aug 2002, Dax Kelson wrote:
> > 
> > Q for Linus: What's the prospect of adding crypto to the kernel?
> 
> For a good enough excuse, and with a good enough argument that it's not 
> likely to be a big export problem, I don't think it's impossible any more.
> 
> However, the "good enough excuse" has to be better than "some technically 
> excellent, but not very widespread" thing. 

While I'm all for adding crypto to the standard kernel, I contend the
crucial part is not strong crypto, but the API. With a stock kernel that
merely offered rot13 type algorithms and a simple way to add more, we could
sidestep the export issue [1] if necessary and still get important
benefits.

There have been some efforts to find a common platform (e.g. between the
freeswan and the cryptoapi folks recently), but the driving force that
brought us LSM is sorely missing with crypto, although the issue seems less
complex.

I won't comment on the technical excellence of the currently available
solutions, but VPNs and disk encryption (especially for laptop owners) are
quite likely to see (even more) widespread use in the near future. With
Reiser4 it seems there is soon going to be another contender in local
filesystems besides the loopback based ones. RedHat, Mandrake, and SuSE are
already selling products using kernel space encryption (i.e. VPNs and/or
encrypted filesystems).

IMHO the case for crypto in the kernel has already been made. The questions
are rather: what would a kernel crypto facility look like if it was to be
useful for all those projects out there, and who could pull an LSM on this
one?

Roger

[1] Assuming that the times when even crypto _hooks_ were likely a felony
    are gone for good (for many countries anyway). IANAL, obviously.