Well, it seems crypto has to be in the kernel. Like there's IP
security for both IPv4 *and* IPv6, and obviously that's part of the
kernel, and it's expected to be ubiquitous at some stage.
My opinion for what it counts (mostly how much noise I make :) ) is to
have Linus include it before he leaves Finland, creating lots of
hooks, etc. so that if/when he moves to some other place others can
distribute designated drop-in patch sets that fit cleanly with the
kernel and are considered a part of it despite the distribution
(i.e. law abiding & broken-up package) realities. Actually making
them work with something isn't so important in my mind until they're
needed (as the goal in this case is to get around a legal hurdle).
So which algorithms? Well, there's DES (& 3DES), IDEA, BlowFish, MD5,
RSA, ... heck include them all, refine later. :) Or define the hooks
for the drop-ins now. Or something like that.
Lots of packages need cryptography. Perhaps a library? But how would
the kernel efficiently interface with a library? Is that insane? Is
POSIX working on a library interface? (Like for every IP packet.
This has to be *efficient*.) Also, lots of applications use it (email
(PGP, Netscape Mail (1Q 1997), SSH, telnet-SSL, httpd w/SSL). See?
It's at every level.