[1206] in Kerberos_V5_Development
[Ran Atkinson ] Re: quick survey
daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Fri May 17 14:16:03 1996
To: krbdev@MIT.EDU, randomizers@MIT.EDU
From: eichin@kitten.gen.ma.us (Mark W. Eichin)
Date: 17 May 1996 14:07:08 -0400
Not that it makes much difference given the DES code, but this is a
bit of a surprise regarding SHA-1...
------- Start of forwarded message -------
Message-Id: <199605171620.JAA12763@puli.cisco.com>
From: Ran Atkinson <rja@cisco.com>
Date: Fri, 17 May 1996 09:20:26 PDT
To: ipsec@TIS.COM
Subject: Re: quick survey
A bit of "good news, bad news", with the bad first...
A couple of people have observed in email that SHA-1 is export-controlled from
the US, which is surprising news to me (and in my personal opinion is
_incredibly_ stupid since its just a one-way hash function). However,
one of those folks provided me with a URL that makes this very clear.
The good news is that SHA-1 is under Commerce Department rules, which means
that US export licenses should be MUCH MUCH easier to obtain.
I'll cut/paste the relevant text from FIPS 180-1 below. I obtained
the quoted text from:
http://129.6.52.11/fips/fip180-1.txt
"Export Control: Implementations of this standard are subject to Federal
Government export controls as specified in Title 15, Code of Federal
Regulations, Parts 768 through 799. Exporters are advised to contact the
Department of Commerce, Bureau of Export Administration for more information."
If this changes the views of anyone who already responded via email,
please feel free to send a revised email along.
Ran
rja@cisco.com
--
------- End of forwarded message -------
