[6981] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Apr 2 11:11:24 1996
Date: Tue, 2 Apr 96 10:57:47 EST
From: Barry Jaspan <bjaspan@bbnplanet.com>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: Frank Jansen <mxer@kauri.vuw.ac.nz>, kerberos@MIT.EDU
In-Reply-To: [6979]
Unfortunately, MIT's Kerberos5 cannot be exported from the
United States. You will have to wait for someone to implement
Kerberos5 outside the US in order to get a legal copy.
There is reason to believe that Kerberos with triple-DES will not be
exportable from the U.S. even by the companies that have already
received export licenses for Kerberos with single DES, even to
U.S. owned subsidiaries or direct employees of U.S. companies working
in friendly countries. I cannot recall the reference off-hand, but
some well-known company recently tried to get a license for a
triple-DES product under these circumstances (communication with two
specific employees of a U.S. company, in Hong Kong I think) and was
told to replace triple-DES with single DES.
Of course, you never know until you try (hard).
Barry
