From owner-freebsd-commit Fri Aug 4 06:26:40 1995
Return-Path: commit-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id GAA10950 for commit-outgoing; Fri, 4 Aug 1995 06:26:40 -0700
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id GAA10937 for cvs-user-outgoing; Fri, 4 Aug 1995 06:26:37 -0700
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33]) by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id GAA10929 ; Fri, 4 Aug 1995 06:26:32 -0700
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.11/8.6.9) with SMTP id GAA02096; Fri, 4 Aug 1995 06:26:00 -0700
Message-Id: <199508041326.GAA02096@precipice.shockwave.com>
To: paul@freebsd.org
cc: ache@freefall.cdrom.com (Andrey A. Chernov), CVS-commiters@freefall.cdrom.com, cvs-user@freefall.cdrom.com
Subject: Re: cvs commit: src/secure/libexec/telnetd ext.h
In-reply-to: Your message of "Fri, 04 Aug 1995 13:25:44 BST." <199508041225.NAA15143@server.netcraft.co.uk>
Date: Fri, 04 Aug 1995 06:26:00 -0700
From: Paul Traina
Sender: commit-owner@freebsd.org
Precedence: bulk

From: Paul Richards
Subject: Re: cvs commit: src/secure/libexec/telnetd ext.h

In reply to Andrey A. Chernov who said
>
> ache 95/08/03 17:12:09
>
> Modified: secure/libexec/telnetd ext.h
> Log:
> Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
>

Hmm, I obviously haven't been paying enough attention but can someone explain to me why we have two telnetd's in the tree?

A conservative interpretation of US crypto export laws would lead one to believe that not only can you not export the actual crypto code, you cannot export code that has CALLS to the crypto code.
We all know this is fundamentally bullshit, since the actual descriptions are intended to cover hardware (moving parts) devices, however the bastards who are screwing us in the first place have no motivation to indemnify anyone who tries to export code without a license, and no one has had the wherewithal to take this particular matter to court.

The basic idea here is to foil people from doing plug-in encryption devices where "all but the crypto" is there and supported.

The only difference between secure/*/*telnet* and */*telnet* is that the non-secure one has had all of the calls to anything that might remotely be considered encryption physically removed.

This is an ultimate pain in the ass, since we need to maintain the farce of shipping an "un-tainted" version of source code for export, when we have a non-US repository that basically mirrors the US secure repository.

If we were to be less conservative in our interpretation of the law, we could ship all of secure/* in the normal source tree, and the only difference would be that secure/lib/libdes would remain in secure. In the exportable version, this would simply contain stubs, and we'd link against the stubs... then all you need to do is replace libdes.so.* with a real one and the system would do the right thing.

I just find the whole thing hypocritical, since IMO, the entire point of the exercise is not to control the export of strong crypto, but rather to make it so bloody expensive for companies to incorporate strong general purpose cryptography in their products.