ef315f7931
Originally, MKCRYPTO was introduced because the United States classified cryptography as a munition and restricted its export. The export controls were substantially relaxed fifteen years ago, and are essentially irrelevant for software with published source code. In the intervening time, nobody bothered to remove the option after its motivation -- the US export restriction -- was eliminated. I'm not aware of any other operating system that has a similar option; I expect it is mainly out of apathy for churn that we still have it. Today, cryptography is an essential part of modern computing -- you can't use the internet responsibly without cryptography. The position of the TNF board of directors is that TNF makes no representation that MKCRYPTO=no satisfies any country's cryptography regulations. My personal position is that the availability of cryptography is a basic human right; that any local laws restricting it to a privileged few are fundamentally immoral; and that it is wrong for developers to spend effort crippling cryptography to work around such laws. As proposed on tech-crypto, tech-security, and tech-userlevel to no objections: https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.html https://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.html https://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of *bad* crypto that was conditional on it, e.g. DES in telnet... That should probably be removed too, but on the grounds that it is bad, not on the grounds that it is (nominally) crypto. |
||
---|---|---|
.. | ||
auth-proto.h | ||
auth.c | ||
auth.h | ||
enc_des.c | ||
enc-proto.h | ||
encrypt.c | ||
encrypt.h | ||
forward.c | ||
genget.c | ||
getent.c | ||
kerberos5.c | ||
key-proto.h | ||
Makefile | ||
misc-proto.h | ||
misc.c | ||
misc.h | ||
pk.c | ||
pk.h | ||
shlib_version | ||
spx.c | ||
sra.c |