[6982] in Kerberos
Re: kerberos security
daemon@ATHENA.MIT.EDU (Mark Eichin)
Tue Apr 2 15:29:50 1996
To: kerberos@MIT.EDU
Date: 02 Apr 1996 14:37:32 -0500
From: Mark Eichin <eichin@maneki-neko.cygnus.com>
> in friendly countries. I cannot recall the reference off-hand, but
> some well-known company recently tried to get a license for a
> triple-DES product under these circumstances (communication with two
> specific employees of a U.S. company, in Hong Kong I think) and was
Qualcomm, in fact. The details went out on the ipsec@ans.net list. The
application was KA9Q NOS, and the country was Singapore; the
application was to make an IP tunnel from the Singapore office to the
US office; the Singapore office was staffed by two US
citizens... making this one of the easier licenses to get -- US
nationals, employed by a foreign subsidiary of a US corporation
(easier would be a Bank.) The form letter response specifically said:
_X_27. Please submit another license [sic] once your software has been
modified so that it no longer contains triple DES. Please specify
object code only on your license application.
The NSA reps at an X9 meeting several years ago allegedly "promised"
that 3DES would not be exportable; seems they're keeping that
promise...
