[6460] in Kerberos


Re: Does a Kerberos 5 "export version" exist?

daemon@ATHENA.MIT.EDU (Rich Salz)
Mon Jan 8 23:49:06 1996

To: kerberos@MIT.EDU
Date: 9 Jan 1996 04:19:30 GMT
From: rsalz@osf.org (Rich Salz)

In <NEWTNews.820871214.8891.jmasinte@JMASINTER_PC.bsan.com> jmasinter@bellsouth.net writes:
>Further, one would only need to modify the "des" source sub-dir. to
>make it legal... If you have medium sized bucks, I can do that! :)

You have to be careful how you would do it.  For example, while a binary
that used "40bit DES" is probably exportable, if you just took the MIT DES
code and masked off 8 bytes, that would not be exportable.  That's because
you're doing a trivial modification and you're still publishing full DES.
You sure medium-sized bucks is enough? :)

>Another option is to have someone strip the DES out, and mail you
>the encryption-less version, then you could insert any encryption
>algorithm you like.

Again, not quite.  When shipping source, the NSA will typically require
you to not only remove the encryption code, but the places where it is
called that provide privacy/confidentiality.  That is, functions like
krb_mk_priv need special consideration.
	/r$
