sure, and we'll do it right away :) --Irene
On Wed, 2006-11-08 at 13:45 -0600, Brian Cameron wrote: > Irene: > > In your email you say that "you don't think there will be any risk". > Are you sure that there is no risk? > > If you are not sure, then I would recommend that you send your analysis > to the ef-core at sun.com mail alias so that the security experts at Sun > review your work and can verify that the Export Control Form is filled > out correctly for Evolution. Does this seem like a good idea? > > Brian > > > Irene (Shi Ying) Huang wrote: > > Hi, all > > > > Looking from the code, GNUTLS has no support for RSA_PSK yet. > > Only NULL encryption PSK and DHE_PSK support is added. > > > > PSK, as is mentioned by Jeff, is the abbreviation for Pre-shared Key > > authentication. > > > > Definition: "Authentication using Pre-shared keys is a method to > > authenticate using usernames and binary keys. This protocol avoids > > making use of public key infrastructure and expensive calculations, thus > > it is suitable for constraint clients." > > > > As for export control, NULL encryption PSK does not matters. While for > > DHE_PSK, the DHE hash algorithm is used in the old version of GnuTLS. So > > we don't think there will be any risk (if encrypted key exchange > > algorithms are of concern for export control). > > > > The attached is the manual for GNULTS published on Oct 26, 2006, just > > for your further reference. > > > > --Irene > > On Tue, 2006-11-07 at 15:36 +0800, Jeff Cai wrote: > >> GnuTLS is a gnu open-source project which provides a secure layer over > >> a > >> reliable transport layer. The TLS protocol provides communications > >> privacy over the Internet. The protocol allows client/server > >> applications to communicate in a way that is designed to prevent > >> eavesdropping, tampering, or message forgery. > >> > >> It was Evolution first introduced GnuTLS to Solaris, and now both gaim > >> and vino depend on it. > >> > >> Recently, GnuTLS in gnu community is upgraded from 1.2 to 1.4. To keep > >> consistent with the community, we should upgrade it on nevada. The > >> upper > >> version mainly adds support for TLS Pre-Shared Key (TLS-PSK) > >> ciphersuites. Pre-Shared Key is a mechanism of keys management with > >> several key-exchange algorithms( PSK Key Exchange, DHE_PSK Key > >> Exchange, > >> RSA_PSK Key Exchange ). The purposes are to avoid the need for public > >> key operations and make key management more convenient. This upgrade > >> doesn't add any cryption algorithm. >
