Kris Kennaway wrote:
>
> On Fri, 13 Aug 1999, Nick Sayer wrote:
>
> > I originally obtained SRA code from a University in Germany. I obtained
> > my implementation of IDEA from PGP. In fact, I used idea.[ch] and
> > #if 0'ed out stuff that's not needed.
>
> Couldn't you work the code so it obtains all its encryption functions
> from an external library, such as the system's libdes? That would let you
> export the code, since it doesn't provide any encryption functions itself,
> and international people could use the international DES library (for
> other encryption algorithms, pick a freely available implementation such
> as the one from openssl).

Alas, the commerce department says that even code that has no cryptography in itself, but that _interfaces_ to a crypto library is unexportable. As an example, I have a hack for pine that interfaces it to Openssl (the pine4+ssl port). That code is unexportable even though it talks to a library that talks to a crypto library. This despite the fact that it is distributed separately from the crypto itself. The same applies to mod_ssl (at least when it is present within the US). You can't pass that around even though it does no encryption by itself at all (the fact that it may be available outside the US doesn't matter either. You still can't export it even if it was originally IMported for it to get here in the first place).

Yes, it sucks, and no, I am not making this up.

>
> I'm not sure what functionality this provides above something like
> SSLtelnet (in ports) or ssh, though. Probably much easier for folks to
> just use those.

The whole point is to have the default system come with something better than plaintext logins that has no administrative overhead. If the default telnet/telnetd (in the DES distribution) had this functionality, it would end up being far more automatic than having to go and build and install ANY alternative in the ports or having to set up either Kerberos or S/key.

I use and am a big fan of SSH. But I had to install and configure it. If we're ever going to reach the day when cryptographic security is so routine we don't even think about it, we have to start having it present _by default_.

>
> Kris