From owner-freebsd-security Mon Feb 17 21:12:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA17889 for security-outgoing; Mon, 17 Feb 1997 21:12:50 -0800 (PST) Received: from minor.stranger.com (stranger.vip.best.com [204.156.129.250]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id VAA17881 for ; Mon, 17 Feb 1997 21:12:43 -0800 (PST) Received: from dog.farm.org (dog.farm.org [207.111.140.47]) by minor.stranger.com (8.6.12/8.6.12) with ESMTP id VAA14658; Mon, 17 Feb 1997 21:27:25 -0800 Received: (from dk@localhost) by dog.farm.org (8.7.5/dk#3) id VAA09296; Mon, 17 Feb 1997 21:16:22 -0800 (PST) Date: Mon, 17 Feb 1997 21:16:22 -0800 (PST) From: Dmitry Kohmanyuk Message-Id: <199702180516.VAA09296@dog.farm.org> To: karpen@ocean.campus.luth.se (Mikael Karpberg) Cc: freebsd-security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Newsgroups: cs-monolit.gated.lists.freebsd.security Organization: FARM Computing Association Reply-To: dk+@ua.net X-Newsreader: TIN [version 1.2 PL2] Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <199702172225.XAA21874@ocean.campus.luth.se> you wrote: > According to Mark Mayo: > [...] > > For DES, yes.... I wasn't really thinking abut the DES distribution, but > > for future crypto distributions. The problem is that the 'main' FreeBSD > > distribution site (ftp.freebsd.org) cannot export DES or other crypto > > software to other coutries - for people in other parts of the world, who > > perhaps aren't aware of the problems with the US gov.'s export laws right > > now, it can be a little confusing when tey are told at install time that > > because they don't live in the US they can't install DES/Kerberos... I > > guess maybe the FTP install could be setup to automagically use a non-US > > server when the user picks a sensitive crypto package? > That would be GREAT! If nothing else, when you choose DES, just pop up a > requester and say "Are you within the USA? (Yes/No/Cancel)" and default > it to cancel. I for one haven't bothered to install DES because it seems Just a minor nit. Being _within_ USA and being subject to USA cryptoexport laws can be not the same. I am not U.S. citizen - just working there, and because of that, don't want to use U.S. sites regardless. Now, what about if I install software on machine outside the U.S. if I am U.S. citizen? or if I not? The legal warning should be more detailed. > too much of a hassle. If you could just say "No, I'm not from the USA" and > have sysinstall try a few Non-US sites and get the DES if you tried to > install from a site called .edu/.us or .org/.com known to be US, or so. > I dunno. Something at least. Something the user basically just have to say > "No, I'm not from the USA" to, and it would do the rest. Period. > Jordan? :-) I think that just having main repository into a normal country can be a better option. Sadly, most normal countries have poorer Internet connectivity. -- "There must be some part of the brain that only activates when you learn UNIX."