[7316] in Kerberos
Re: US Export Restrictions
daemon@ATHENA.MIT.EDU (Reece R. Pollack)
Mon May 20 14:14:54 1996
To: kerberos@MIT.EDU
Date: 20 May 1996 17:11:00 GMT
From: reece@eco.twg.com (Reece R. Pollack)
Reply-To: reece@eco.twg.com
In article <199605170319.UAA03816@imo.plaintalk.bellevue.wa.us>, dennisg@plaintalk.bellevue.wa.us (Dennis Glatting) writes:
|>
|>Date: 16 May 1996 13:47:18 GMT
|>From: altmark@endicott.ibm.com (Alan Altmark)
|>
|>> Was it my imagination, or did I see it mentioned that it is easy
|>> to get a US export license for Kerberos DES implementations?
|>>
|>
|>I don't know if it is easy, but, CyberSafe has an
|>exportable GSS-API Kerberos mechanism *with* user
|>level DES encryption.
At this point, encryption used for authentication is exportable with
a 14-day expedited CJR. If you want to supply user data encryption
capabilities, or expose the raw encryption routines for use by user-
developed programs, you've got some work on your hands.
There are several encryption algorithms which are easily exportable,
but I think the longest allowable key is 40 bits. Standard 56-bit DES
still can't be exported for user data encryption, even though there's
an FTP site in Finland that offers DES sources.
I expect all this to change within the next year or two. Of course, the
latest incarnation of the "Clipper" chip bill is not what I'd like to see.
--
Reece R. Pollack
Senior Software Engineer
Internet Products Group
Attachmate Corporation
