Kris Kennaway wrote:
> 
> On Fri, 13 Aug 1999, Nick Sayer wrote:
> 
> > I originally obtained SRA code from a University in Germany. I obtained
> > my implementation of IDEA from PGP. In fact, I used idea.[ch] and #if 0'ed
> > out stuff that's not needed.
> 
> Couldn't you work the code so it obtains all its encryption functions
> from an external library, such as the system's libdes? That would let you
> export the code, since it doesn't provide any encryption functions itself,
> and international people could use the international DES library (for
> other encryption algorithms, pick a freely available implementation such
> as the one from openssl).

Alas, the commerce department says that even code that has no cryptography
in itself, but that _interfaces_ to a crypto library is unexportable.
As an example, I have a hack for pine that interfaces it to Openssl
(the pine4+ssl port). That code is unexportable even though it talks
to a library that talks to a crypto library. This despite the fact that
it is distributed separately from the crypto itself. The same applies
to mod_ssl (at least when it is present within the US). You can't pass
that around even though it does no encryption by itself at all (the
fact that it may be available outside the US doesn't matter either.
You still can't export it even if it was originally IMported for it to
get here in the first place).

Yes, it sucks, and no, I am not making this up.

> 
> I'm not sure what functionality this provides above something like
> SSLtelnet (in ports) or ssh, though. Probably much easier for folks to
> just use those.

The whole point is to have the default system come with something
better than plaintext logins that has no administrative overhead.
If the default telnet/telnetd (in the DES distribution) had this
functionality, it would end up being far more automatic than having
to go and build and install ANY alternative in the ports or having
to set up either Kerberos or S/key.

I use and am a big fan of SSH. But I had to install and configure it.
If we're ever going to reach the day when cryptographic security is
so routine we don't even think about it, we have to start having it
present _by default_.


> 
> Kris
