[1126] in Kerberos


Re: So much for kerberos in Ultrix 4.0 (outside the USA)

daemon@ATHENA.MIT.EDU (Jerome H Saltzer)
Fri Oct 5 11:43:22 1990

Date: Fri, 5 Oct 90 10:59:20 EDT
From: Jerome H Saltzer <Saltzer@mit.edu>
To: eay@surf.sics.bu.oz
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Eric the Young's message of 5 Oct 90 00:54:04 GMT <1322@surf.sics.bu.oz>

> (For those that don't know, DEC claimed that kerberos with full encryption
> (in binary form only) was being sent with all versions with ultrix 4,
> including sites outside of the USA)
> 
> What do I find, NO DES ENCRYPTION ROUTINES IN THE DES LIBRARY !!!

Eric,

What you found in the Ultrix distribution is precisely what one would
expect to find if Digital had pushed everything to the limit currently
permitted by U.S. export controls.  (The current interpretation
permits encryption routines to be included in an authentication system
but only if they are embedded in such a way that they are not easily
accessible for general purpose use.)

So the complaint you have is not with the distribution itself--the
people who put it together did everything the law allowed.  If there
is a complaint, it is with whatever Digital may have said would be in
the distribution.  I haven't seen that description, but it would be
interesting, in light of your observation, to go back and review that
description carefully.  Since the word "binary" is used both to mean
"inside a loaded image" and "in the form of a *.o file" there is
certainly the possibility of simple misinterpretation--especially
after the message has passed through a couple of intermediaries who
aren't fully aware that there is a difference.

Another possible source of misinterpretation is that a lot of possible
distribution methods have been discussed:  with no encryption at all,
with DES replaced with a light-weight encryption system, with hooks for
your own encryption, and with real DES.  Is it possible that the
message Digital was trying to deliver was that they had chosen the
last possibility rather than one of the others?

					Jerry Saltzer
