Date: Fri, 13 Aug 1999 14:31:50 -0700 From: Nick Sayer <nsayer@quack.kfu.com> To: Kris Kennaway <kris@hub.freebsd.org> Cc: FreeBSD-hackers@freebsd.org Subject: Re: SRA+IDEA Telnet Message-ID: <37B48EC6.3D1F0AC7@quack.kfu.com> References: <Pine.BSF.4.10.9908131311270.71781-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms6D139C0ACAAB8E6E9BF85151 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Kris Kennaway wrote: > > On Fri, 13 Aug 1999, Nick Sayer wrote: > > > I originally obtained SRA code from a University in Germany. I obtained > > my implementation of IDEA from PGP. In fact, I used idea.[ch] and #if > > 0'ed > > out stuff that's not needed. > > Couldn't you work the code so it obtains all its' encryption functions > from an external library, such as the system's libdes? That would let you > export the code, since it doesn't provide any encryption functions itself, > and international people could use the international DES library (for > other encryption algorithms, pick a freely available implmenetation such > as the one from openssl). Alas, the commerce department says that even code that has no cryptography in itself, but that _interfaces_ to a crypto library is unexportable. As an example, I have a hack for pine that interfaces it to Openssl (the pine4+ssl port). That code is unexportable even though it talks to a library that talks to a crypto library. This despite the fact that it is distributed separately from the crypto itself. The same applies to mod_ssl (at least when it is present within the US). You can't pass that around even though it does no encryption by itself at all (the fact that it may be available outside the US doesn't matter either. You still can't export it even if it was originally IMported for it to get here in the first place). Yes, it sucks, and no, I am not making this up. > > I'm not sure what functionality this provides above something like > SSLtelnet (in ports) or ssh, though. Probably much easier for folks to > just use those. The whole point is to have the default system come with something better than plaintext logins that has no administrative overhead. If the default telnet/telnetd (in the DES distribution) had this functionality, it would end up being far more automatic than having to go and build and install ANY alternative in the ports or having to set up either Kerberos or S/key. I use and am a big fan of SSH. But I had to install and configure it. If we're ever going to reach the day when cryptographic security is so routine we don't even think about it, we have to start having it present _by default_. > > Kris --------------ms6D139C0ACAAB8E6E9BF85151 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIIKpwYJKoZIhvcNAQcCoIIKmDCCCpQCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC CDMwggT9MIIEZqADAgECAhA9k/AV3oVH5b8fAYqgipwKMA0GCSqGSIb3DQEBBAUAMIHMMRcw FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29y azFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIEJ5 IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24gQ2xhc3MgMSBDQSBJbmRp dmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVkMB4XDTk5MDYyMTAwMDAw MFoXDTAwMDYyMDIzNTk1OVowggEYMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UE CxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9y ZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMV UGVyc29uYSBOb3QgVmFsaWRhdGVkMTMwMQYDVQQLEypEaWdpdGFsIElEIENsYXNzIDEgLSBO ZXRzY2FwZSBGdWxsIFNlcnZpY2UxGjAYBgNVBAMUEU5pY2hvbGFzIFcuIFNheWVyMSMwIQYJ KoZIhvcNAQkBFhRuc2F5ZXJAcXVhY2sua2Z1LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEAwZ76sB91nFO45ERwMDwTiQLzF9SS68cGUY8LoVgVUY2R/8DfXJhBxDOEDXfM0pJj dtz4h6VTcP4LBP4R9eeanpz9rFhAuTHppFEM7mrz5ak+RNTYszlNJxFd/dm7Rlz9rgVCobHQ sh2Asg06t/l7CTgcY4yd78SxUGwNjW/kveECAwEAAaOCAY8wggGLMAkGA1UdEwQCMAAwgawG A1UdIASBpDCBoTCBngYLYIZIAYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3 LnZlcmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEB Gj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3 IFZlcmlTaWduMBEGCWCGSAGG+EIBAQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJk NjNmMjA0NzAyOTI5ODc2M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3 NDdkYTVkM2YyMTQxYmVhYzIzZWMyZmQ4MjBiYWI2ZGY1ZDcxMTQ5OWZhMWJjNDRmNWYzZWE0 NTBjMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL2NsYXNzMS5j cmwwDQYJKoZIhvcNAQEEBQADgYEAUMq/Dtjh6qzf8sdDNxW6iDnN25VDyZMFgmfb0Epnh3Zi o/zeedJO4zm2/pvvLo8WiEsTTHdBimi3qn7eKaeA46EI9bev8Le2113//twTZhFWoKI1hebz /qTs7U/zLGM9zRD6cs2IagFPOVlRH65AoSo4MXgFu+HU/aUw1fpzbXIwggMuMIICl6ADAgEC AhEA0nYujRQMPX2yqCVdr+4NdTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUG A1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkg Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTgwNTEyMDAwMDAwWhcNMDgwNTEyMjM1OTU5 WjCBzDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 IE5ldHdvcmsxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9SUEEgSW5j b3JwLiBCeSBSZWYuLExJQUIuTFREKGMpOTgxSDBGBgNVBAMTP1ZlcmlTaWduIENsYXNzIDEg Q0EgSW5kaXZpZHVhbCBTdWJzY3JpYmVyLVBlcnNvbmEgTm90IFZhbGlkYXRlZDCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEAu1pEigQWu1X9A3qKLZRPFXg2uA1Ksm+cVL+86Hcqnbnw aLuV2TFBcHqBS7lIE1YtxwjhhEKrwKKSq0RcqkLwgg4C6S/7wju7vsknCl22sDZCM7VuVIhP h0q/Gdr5FegPh7Yc48zGmo5/aiSS4/zgZbqnsX7vyds3ashKyAkG5JkCAwEAAaN8MHowEQYJ YIZIAYb4QgEBBAQDAgEGMEcGA1UdIARAMD4wPAYLYIZIAYb4RQEHAQEwLTArBggrBgEFBQcC ARYfd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQTAPBgNVHRMECDAGAQH/AgEAMAsG A1UdDwQEAwIBBjANBgkqhkiG9w0BAQIFAAOBgQCIuDc73dqUNwCtqp/hgQFxHpJqbS/28Z3T ymQ43BuYDAeGW4UVag+5SYWklfEXfWe0fy0s3ZpCnsM+tI6q5QsG3vJWKvozx74Z11NMw73I 4xe1pElCY+zCphcPXVgaSTyQXFWjZSAA/Rgg5V+CprGoksVYasGNAzzrw80FopCubjGCAjww ggI4AgEBMIHhMIHMMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNp Z24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5 L1JQQSBJbmNvcnAuIEJ5IFJlZi4sTElBQi5MVEQoYyk5ODFIMEYGA1UEAxM/VmVyaVNpZ24g Q2xhc3MgMSBDQSBJbmRpdmlkdWFsIFN1YnNjcmliZXItUGVyc29uYSBOb3QgVmFsaWRhdGVk AhA9k/AV3oVH5b8fAYqgipwKMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3 DQEHATAcBgkqhkiG9w0BCQUxDxcNOTkwODEzMjEzMTUyWjAjBgkqhkiG9w0BCQQxFgQURUDj 9vr9JAfczPvXjXdG1Snn8SYwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG 9w0DAgICAIAwBwYFKw4DAgcwDQYIKoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZI hvcNAQEBBQAEgYBTmbTqfku1wLevAyuxv8GDKYEpj/juxlO6+UJvgySV3dNc5bhuTcVG6dGo piXAS/thoV6Mx09iMszQKDcHiyMQXW4YC/eFcri+9vzfHWZZ13ZxsnyGkPPBD+O1Pl/ARbVZ QEMuz4kwIjxJSioXDhC+PA9M9GOzJ65vc9cvE6FnbA== --------------ms6D139C0ACAAB8E6E9BF85151-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37B48EC6.3D1F0AC7>