From owner-freebsd-doc Fri Jan 17 03:31:31 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id DAA24603 for doc-outgoing; Fri, 17 Jan 1997 03:31:31 -0800 (PST) Received: from lists.dcro.dla.mil ([33.19.104.5]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id DAA24598 for ; Fri, 17 Jan 1997 03:31:28 -0800 (PST) Received: from tensbum (col-oh1-19.ix.netcom.com [199.183.200.51]) by lists.dcro.dla.mil (8.8.3/8.8.3) with SMTP id GAA00464; Fri, 17 Jan 1997 06:27:03 -0500 (EST) Message-Id: <199701171127.GAA00464@lists.dcro.dla.mil> Comments: Authenticated sender is From: "Michael P. Deslippe" Organization: Defense Contract Management Command To: freebsd-doc@freebsd.org, Troy Smith Date: Fri, 17 Jan 1997 06:31:13 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: web (and distribution!) update needed Reply-to: bgy2452@lists.dcro.dla.mil Priority: normal In-reply-to: X-mailer: Pegasus Mail for Win32 (v2.52) Sender: owner-doc@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Date: Wed, 15 Jan 1997 22:56:00 -0600 (CST) > From: Troy Smith > To: freebsd-doc@freebsd.org > Subject: web (and distribution!) update needed > Sorry to have to tell you this, but the Feds have changed the export > rules again Re: encryption. Basically, nobody in the US can export jack > unless they provide a back door for the feds. You probably are already > aware of this, but this passage from the web page indicates not: To what timeframe do you refer when you say "changed the export rules" - the Clipper Chip laws failed the legal review and were never implemented. Did something happen subsequent to that to change the law? Forcing a "back door" remains unconstitutional as far as I know. Please provide a reference. ---Mike > ____________________ > > If password security for FreeBSD is all you need and you have no > requirement for copying encrypted passwords from different hosts > (Suns, DEC machines, etc) into FreeBSD password entries, then > FreeBSD's MD5 based security may be all you require! We feel that our > default security model is more than a match for DES, and without any > messy export issues to deal with. If you're outside (or even inside) > the U.S., give it a try! This snapshot also includes support for > mixed password files - either DES or MD5 passwords will be accepted, > making it easier to transition from one scheme to the other. > ________________ > > Now, if you've provided a back door, then you're cool with the feds, but > if you haven't, and you still allow overseas ftp, you could be in deep > sh*t. I dislike all this nonsense as much as the next guy, but, until > the rules are changed, they're the ones we'll go to prison over. > > Hate being a wet blanket, > > Troy Smith > >