[4424] in Kerberos
Re: kerberos5 exportability
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Tue Jan 3 11:59:08 1995
To: kerberos@MIT.EDU
Date: 03 Jan 1995 16:47:35 GMT
From: marc@cam.ov.com (Marc Horowitz)
>> Further, there are already gutted implementations of libdes available
>> (bones) which could in theory be dropped into the relevant places,
>> though I haven't checked as to how this will work yet.
I see a hole. bones isn't a gutted libdes implementation. bones is a
gutted krb4 implementation, where they removed all of libdes, and all
of the calls to any libdes functions.
Now, I've thought about this, and it appears that one could produce an
exportable version of kerberos simply by removing DES from the
cryptoswitch, and writing a dummy mechanism to replace it so things
could compile and function, albeit insecurely.
>> That being done, all that should need to happen is for me (or someone)
>> to make this freely available on the net in order for it to be
>> exportable.
One would think this, but I wouldn't be sure until you've gone through
the CJ process. If you (or anyone else) does do this, I'd like to
hear about it.
Marc
