[4292] in Kerberos
Re: Internationalizing Kerberos V5
daemon@ATHENA.MIT.EDU (Shawn Mamros)
Thu Dec 8 12:30:52 1994
To: kerberos@MIT.EDU
Date: Thu, 08 Dec 1994 11:28:26
From: mamros@ftp.com (Shawn Mamros)
Reply-To: mamros@ftp.com
dsharp@world.std.com (don sharp) writes:
>[...] but it seems to me that what is export controlled is the cryptographic
>stuff, not the protocol implementation, and the V5 distribution is
>separated into the cryptography stuff (krb5.crypto.B4-3.tar) and the
>rest (krb5.src.B4-3.tar), in essence, Kerberos V5 comes
>pre-Bone-ified. So my question to you (who have a vested interest in
>figuring out what's exportable and what isn't) is: why can't you take
>the non-crypto part of the Kerberos V5, and just re-implement the
>crypto portions?
Because the export rules (in the US, at least) don't allow for the export
of code containing "hooks" into which cryptographic routines can be
plugged in. Since the V5 code contains calls to crypto functions, it's
not allowable even if you don't take the DES code with it.
The V4 Bones release contains no calls to cryptographic routines. By
itself, it's completely useless from a security standpoint. One has to
add the cryptographic calls back in the right places (and then, of
course, the functions themselves). That's exactly what was done to produce
the "E-Bones" release.
No, it doesn't make much sense. As I said, we have silly export laws
in the US... :-)
-Shawn Mamros
E-mail to: mamros@ftp.com
