[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crippled Notes export encryption
> So where exactly do they draw the line? You can still construct your
> software in such a way that there is a clean boundary between the
> crypto stuff and the rest.
The line is drawn, AFAIK, at the actual crypto routines. You cannot
export the crypto routines, and the functions that call the crypto
routines.
> For example, could you have an application with a function:
>
> authenticate_user (int file_descriptor)
>
> which in the exportable version sends a password, and in the domestic
> version constructs some sort of authenticator?
Yes. In fact, this is what Bones did.
> Could you have an xdr-like function which on in an exportable version
> just does argument marshaling and in a domestic version also encrypts?
Yes. However the exported code cannot have the encryption hooks
in the code.
> How exactly are crypto-hooks defined? This restriction seems orders
> of magnitude more bogus than even the ban on exporting actual
> encryption.
Very vaguely. If I have a function that does something like this:
authenticate (args)
{
...
des_encrypt ();
...
}
I would have to remove the des_encrypt() call from the authenticate()
routine before it can be exported...
-derek