[4290] in Kerberos
Internationalizing Kerberos V5
daemon@ATHENA.MIT.EDU (don sharp)
Wed Dec 7 16:12:49 1994
Date: Wed, 7 Dec 1994 15:53:42 -0500
From: dsharp@world.std.com (don sharp)
To: ggm@dingo.cc.uq.oz.au, mark@comp.vuw.ac.nz
Cc: kerberos@MIT.EDU
Mark & George,
You both recently made comments about the export issues around
Kerberos V5, and I'm interested for my own reasons in knowing where
the problems are. I haven't looked at this issue in detail myself,
but it seems to me that what is export controlled is the cryptographic
stuff, not the protocol implementation, and the V5 distribution is
separated into the cryptography stuff (krb5.crypto.B4-3.tar) and the
rest (krb5.src.B4-3.tar), in essence, Kerberos V5 comes
pre-Bone-ified. So my question to you (who have a vested interest in
figuring out what's exportable and what isn't) is: why can't you take
the non-crypto part of the Kerberos V5, and just re-implement the
crypto portions?
In fact, it may even be possible to break the crypto part down still
further, as it contains 3 checksum algorithms (crc, md4 and md5) which
I beleive are not export restricted, as well as the actual privacy
encryption stuff (des). Then all you'd have to re-implement is the
actual DES algorithm. The function prototypes are readily available,
and DES is a widely published algorithm, so this seems like a very
doable task.
Is there any reason you know of why this wouldn't work?
---------
Don Sharp
dsharp@world.std.com
