Date: Mon, 16 Dec 1996 11:29:31 -0500 From: Garrett Wollman <wollman@lcs.mit.edu> To: Paul Richards <p.richards@elsevier.co.uk> Cc: Bill Paul <wpaul@skynet.ctr.columbia.edu>, terry@lambert.org (Terry Lambert), current@FreeBSD.ORG Subject: Re: Plan for integrating Secure RPC -- comments wanted Message-ID: <9612161629.AA18822@halloran-eldar.lcs.mit.edu> In-Reply-To: <57ohfubkk5.fsf@tees.elsevier.co.uk> References: <199612152351.SAA05656@skynet.ctr.columbia.edu> <57ohfubkk5.fsf@tees.elsevier.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On 16 Dec 1996 15:00:58 +0000, Paul Richards <p.richards@elsevier.co.uk> said: > I had a discussion with someone in the Perl group who was from ORA. He > claimed FreeBSD was being overly restrictive in it's lack of DES > code. He cited NetBSD and 4.4 claiming that both were exportable > because the DES code was only being used for authentication and not > encryption. He is wrong, mostly. We /could/ export libdescrypt, but IN BINARY FORM ONLY. (We'd probably have to get a CJ and a license ruling from the Commerce Department first, just to be safe.) Exporting the source code is problematic, because it could easily be turned back into an ordinary encryption/decryption engine. (The libcrypt/libcipher split was done in this way under my guidance specifically to make it easier for someone to get an export license for a binary distribution containing libdescrypt.) The exception the ORA person was thinking of is how DEC is able to export Kerberos in binary form. They in-line the DES code into libkrb where it's called, and don't provide the krb_*_priv() functions which provide indirect access to the encryption mechanism. This allows them to create a library which is only capable of performing authentication, not providing privacy, and so the government allows them to export it. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9612161629.AA18822>