[1584] in Kerberos
Re: kerberos outside US
daemon@ATHENA.MIT.EDU (Joe Pato)
Thu Oct 3 18:24:39 1991
From: pato@apollo.com (Joe Pato)
Date: Thu, 3 Oct 91 17:18:19 EDT
To: tytso@athena.mit.edu
Cc: lecom@siihp1.epfl.ch ("Claude Lecommandeur SIC-SII"), kerberos@MIT.EDU
In-Reply-To: tytso@athena.mit.edu, thu, 3 oct 91 16:52:10
From: pato@apollo.com (Joe Pato)
Date: Thu, 3 Oct 91 11:15:12 EDT
The OSF DCE includes a null encryption algorithm in its implementation of
Kerberos V5 for international distribution. Obtain sources (for a licensing
fee) from the OSF later this year.
Note, however, that the sources of Kerberos, even in the OSF DCE
version, will not be exportable. You will need to find a vendor who is
willing to provide binaries for your architecture and who is willing to
jump through the necessary hoops to get an export license. (If you
think this is absurd, note that any encryption information, including
the PIN information encoded on your back of your Visa card, is
technically under export control. Our (U.S.) tax dollars at work....
Sigh....)
- Ted
No, the OSF DCE sources ARE exportable. The international edition comes without
DES (and substitutes a singularly weak replacement - the identity function) and
is fully functional when built (albeit insecure). Foreign customers can then
add any encryption algorithm they choose.
- joe
-------
