[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ITAR vs. Diffie-Hellman Key Exchange?
In the discussions about people sniffing the net and the need for encrypted
telnets, one problem that has come up is the ITAR hassles that make exporting
Kerberos politically incorrect, though John Gilmore has gotten them
to admit that the Kerberos bones is none of their businesss :-)
However, is Diffie-Hellman exportable? After all, it's not crypto,
it's *just* key exchange, and people can plug in their own triple-DES
from the usual sources. It looks to me like it's probably legal,
though if you were to then transmit the password by XORing with the login
key or some such probably-unsafe behaviour it might not be.
I had heard somebody say there would be an updated RSAREF version including
Diffie-Hellman key exchange, though it's not in the package I just
ftp'd from rsa.com. Is this correct, and is there a planned release date?
Thanks; Bill
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email [email protected] [email protected]
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465