daemon@TELECOM.MIT.EDU (Clifford Neuman)
Sat Mar 4 10:26:52 1989
From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman)
I just saw the following in sci.crypt:
From: firstname.lastname@example.org (Antti Louko)
Date: 3 Mar 89 14:38:48 GMT
Reply-To: email@example.com (Antti Louko)
I am developing a freely distributable authentication package for UNIX
environment. I have now finished my DES routines. DES package is
available at kampi.hut.fi (188.8.131.52) by anonymous ftp. You can use
the package for non-commercial purposes. If you want to use the
package commercially, please contact me.
The package is in C, and you should use GNU C-compiler to compile it,
as it contains no register declarations. It should compile with normal
C-compiler, too, but it won't be very fast. It is tested on VAX BSD
4.3, and it has run on SUNs, too.
DES distribution is in a compressed tar archive file des-dist.tar.Z
under directory ~ftp/alo.
If you have bug fixes or other comments, please send mail to me.
Now, suppose we could convince this person to provide the same
procedural interface to DES as we use with Kerberos. Could we then
export a version of Kerberos without encryption, and tell the people
that get that version to get the DES routines from Finland?
daemon@TELECOM.MIT.EDU (Rich Salz)
Mon Mar 6 09:28:56 1989
From: Rich Salz <rsalz@BBN.COM>
To: bcn@JUNE.CS.WASHINGTON.EDU, kerberos@ATHENA.MIT.EDU
I have a moderator in Australia for comp.sources.unix; if someone
sent him the Finland package to post, then it'd be freely available...
From: Jerome H Saltzer <jhs%computer-lab.cambridge.ac.uk@NSS.CS.UCL.AC.UK>
In-Reply-To: Clifford Neuman's message of Sat, 4 Mar 89 07:23:26 PST
> Now, suppose we could convince this person to provide the same
> procedural interface to DES as we use with Kerberos. Could we then
> export a version of Kerberos without encryption, and tell the people
> that get that version to get the DES routines from Finland?
Unfortunately, we explored this path pretty thoroughly with the
lawyers. We didn't know about the Finnish (Finlandish?)
implementation, but we knew of implementations from Switzerland,
Germany, England, and Australia. The problem is that Kerberos with
the DES package omitted appears to fall into an equally tightly
controlled software export category called "ancillary encryption
The current export strategy includes reviving the PC implementation of
Kerberos with the goal of moving it into a newly-created category of
"software intended for a mass-market" or some name like that. Then it
might be possible to export it either with a non-DES algorithm or in a
form where someone else can add whatever encryption they like.
Meanwhile, a temporary export expedient is to go through the source
and remove the calls to the encryption library completely, thereby
turning it into ordinary software for purposes of export. Although
that approach emasculates the security, it at least preserves all the
interfaces so that the rest of the Athena system doesn't have to be
tinkered with as part of initial export projects.