daemon@TELECOM.MIT.EDU (Clifford Neuman) Sat Mar 4 10:26:52 1989 From: bcn@JUNE.CS.WASHINGTON.EDU (Clifford Neuman) To: kerberos@ATHENA.MIT.EDU I just saw the following in sci.crypt: From: alo@kampi.hut.fi (Antti Louko) Newsgroups: sci.crypt Date: 3 Mar 89 14:38:48 GMT Reply-To: alo@kampi.hut.fi (Antti Louko) I am developing a freely distributable authentication package for UNIX environment. I have now finished my DES routines. DES package is available at kampi.hut.fi (128.214.3.9) by anonymous ftp. You can use the package for non-commercial purposes. If you want to use the package commercially, please contact me. The package is in C, and you should use GNU C-compiler to compile it, as it contains no register declarations. It should compile with normal C-compiler, too, but it won't be very fast. It is tested on VAX BSD 4.3, and it has run on SUNs, too. DES distribution is in a compressed tar archive file des-dist.tar.Z under directory ~ftp/alo. If you have bug fixes or other comments, please send mail to me. Antti Louko alo@kampi.hut.fi Now, suppose we could convince this person to provide the same procedural interface to DES as we use with Kerberos. Could we then export a version of Kerberos without encryption, and tell the people that get that version to get the DES routines from Finland? ~ Cliff
daemon@TELECOM.MIT.EDU (Rich Salz) Mon Mar 6 09:28:56 1989 From: Rich Salz <rsalz@BBN.COM> To: bcn@JUNE.CS.WASHINGTON.EDU, kerberos@ATHENA.MIT.EDU I have a moderator in Australia for comp.sources.unix; if someone sent him the Finland package to post, then it'd be freely available... /r$
From: Jerome H Saltzer <jhs%computer-lab.cambridge.ac.uk@NSS.CS.UCL.AC.UK> To: bcn@JUNE.CS.WASHINGTON.EDU Cc: kerberos@ATHENA.MIT.EDU In-Reply-To: Clifford Neuman's message of Sat, 4 Mar 89 07:23:26 PST <8903041523.AA14690@june.cs.washington.edu> > Now, suppose we could convince this person to provide the same > procedural interface to DES as we use with Kerberos. Could we then > export a version of Kerberos without encryption, and tell the people > that get that version to get the DES routines from Finland? Cliff, Unfortunately, we explored this path pretty thoroughly with the lawyers. We didn't know about the Finnish (Finlandish?) implementation, but we knew of implementations from Switzerland, Germany, England, and Australia. The problem is that Kerberos with the DES package omitted appears to fall into an equally tightly controlled software export category called "ancillary encryption control equipment". The current export strategy includes reviving the PC implementation of Kerberos with the goal of moving it into a newly-created category of "software intended for a mass-market" or some name like that. Then it might be possible to export it either with a non-DES algorithm or in a form where someone else can add whatever encryption they like. Meanwhile, a temporary export expedient is to go through the source and remove the calls to the encryption library completely, thereby turning it into ordinary software for purposes of export. Although that approach emasculates the security, it at least preserves all the interfaces so that the rest of the Athena system doesn't have to be tinkered with as part of initial export projects. Jerry