[4306] in Kerberos
Re: Internationalizing Kerberos V5
daemon@ATHENA.MIT.EDU (jtkohl@MIT.EDU)
Sat Dec 10 09:09:12 1994
From: jtkohl@MIT.EDU
Date: Sat, 10 Dec 1994 08:50:49 -0500
To: mamros@ftp.com (Shawn Mamros)
Cc: kerberos@MIT.EDU
In-Reply-To: "[4292] in Kerberos"
Shawn wrote:
>Because the export rules (in the US, at least) don't allow for the export
>of code containing "hooks" into which cryptographic routines can be
>plugged in. Since the V5 code contains calls to crypto functions, it's
>not allowable even if you don't take the DES code with it.
I do not believe this question has been verified or tested with a
Commodity Jurisdiction request. When we (i.e. me working for Digital
and assigned to work at Athena at MIT) did the bones distribution, we
took the conservative approach and removed all the calls to crypto
functions from the base Kerberos code. We wanted to be absolutely sure
we'd get the "right" answer from the US State department, and with all
the calls ripped out, we were certain (and, as it turned out, correct)
that this would get us a ruling that the result was subject to the
jurisdiction of the Commerce department and was not export controlled as
a munition.
==John
