
Re: Crippled Notes export encryption



> cc: Jeff Weinstein <[email protected]>, [email protected]
> Date: Wed, 24 Jan 1996 18:30:00 EST
> From: Derek Atkins <[email protected]>
> 
> > How did kerberos avoid this?  The "bones" distribution of kerberos
> > without crypto was not regulated by ITAR, right?
> 
> Kerberos didn't leave the crypto pluggable.  The bones distribution
> removed not only the crypto routines but also the calls to the crypto
> routines.  It would be hard to call that "pluggable".  It took a lot
> of work for someone down under to replace all those crypto calls!

So where exactly do they draw the line?  You can still construct your
software in such a way that there is a clean boundary between the
crypto stuff and the rest.

For example, could you have an application with a function:

	authenticate_user (int file_descriptor)

which in the exportable version sends a password, and in the domestic 
version constructs some sort of authenticator?

Could you have an xdr-like function which in an exportable version
just does argument marshaling and in a domestic version also encrypts?

How exactly are crypto-hooks defined?  This restriction seems orders
of magnitude more bogus than even the ban on exporting actual
encryption.

David