[3363] in Kerberos
Re: DES export to Europe
daemon@ATHENA.MIT.EDU (Lyle_Seaman@transarc.com)
Thu Jun 2 19:13:25 1994
To: kerberos@MIT.EDU
Date: Thu, 2 Jun 1994 09:49:06 -0400
From: Lyle_Seaman@transarc.com
Excerpts from netnews.alt.security: 2-Jun-94 DES export to Europe Marc
Verbruggen@btma06.g (821)
> As I understand, companies from the USA are not allowed to export encryption
> software based on DES. What does this mean ? Has it to do with the key
> length ?
> What do the DCE Security Services (Kerberos) contain as encryption ? Do I have
> to buy DCE from a European company ? We just bought a software product, which
> uses Kerberos as authentication method ? Is this(legally) possible ?
US companies are required to get special licenses to export software
which may be used to encrypt data. It has little to do with key length,
and more to do with the security of the chosen encryption method.
The DCE Security Services (and Kerberos, and the AFS kaserver) use DES
to encrypt the *authentication exchange* but not actual user data. The
US Govt has deemed this acceptable. Although licenses must still be
obtained, there is a streamlined process in place.
The DCE permits DES encryption of the user data, but most vendors are
packaging this as an add-on option which is only available to domestic
customers (or with the appropriate licenses).
--
Lyle Transarc 707 Grant Street
412 338 4474 The Gulf Tower Pittsburgh 15219
"Gossip is what makes the world go round. I have very few secrets.
I would be deeply concerned if a device were marketed that could stop
interception..." Emma Nicholson, MP.
