From owner-freebsd-security  Mon Feb 17 14:23:30 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id OAA20195
          for security-outgoing; Mon, 17 Feb 1997 14:23:30 -0800 (PST)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA20176
          for <security@freebsd.org>; Mon, 17 Feb 1997 14:23:22 -0800 (PST)
Received: (from karpen@localhost) by ocean.campus.luth.se (8.7.5/8.7.3) id XAA21874; Mon, 17 Feb 1997 23:25:20 +0100 (MET)
From: Mikael Karpberg <karpen@ocean.campus.luth.se>
Message-Id: <199702172225.XAA21874@ocean.campus.luth.se>
Subject: Re: blowfish passwords in FreeBSD
To: mark@quickweb.com (Mark Mayo)
Date: Mon, 17 Feb 1997 23:25:20 +0100 (MET)
Cc: security@freebsd.org
In-Reply-To: <Pine.BSF.3.94.970217160548.10948A-100000@vinyl.quickweb.com> from Mark Mayo at "Feb 17, 97 04:13:08 pm"
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

According to Mark Mayo:
[...]
> For DES, yes.... I wasn't really thinking abut the DES distribution, but
> for future crypto distributions. The problem is that the 'main' FreeBSD
> distribution site (ftp.freebsd.org) cannot export DES or other crypto
> software to other coutries - for people in other parts of the world, who
> perhaps aren't aware of the problems with the US gov.'s export laws right
> now, it can be a little confusing when tey are told at install time that
> because they don't live in the US they can't install DES/Kerberos... I
> guess maybe the FTP install could be setup to automagically use a non-US
> server when the user picks a sensitive crypto package?

That would be GREAT! If nothing else, when you choose DES, just pop up a
requester and say "Are you within the USA?  (Yes/No/Cancel)" and default
it to cancel. I for one haven't bothered to install DES because it seems
too much of a hassle. If you could just say "No, I'm not from the USA" and
have sysinstall try a few Non-US sites and get the DES if you tried to
install from a site called .edu/.us or .org/.com known to be US, or so.
I dunno. Something at least. Something the user basically just have to say
"No, I'm not from the USA" to, and it would do the rest. Period.
Jordan? :-)


Just my $0.02...
  /Mikael