Crippled Notes export encryption

David Mazieres dm at amsterdam.lcs.mit.edu
Fri Jan 26 17:14:13 PST 1996


> cc: Jeff Weinstein <jsw at netscape.com>, cypherpunks at toad.com
> Date: Wed, 24 Jan 1996 18:30:00 EST
> From: Derek Atkins <warlord at MIT.EDU>
> 
> > How did kerberos avoid this?  The "bones" distribution of kerberos
> > without crypto was not regulated by ITAR, right?
> 
> Kerberos didn't leave the crypto pluggable.  The bones distribution
> removed not only the crypto routines but also the calls to the crypto
> routines.  It would be hard to call that "pluggable".  It took a lot
> of work for someone down under to replace all those crypto calls!

So where exactly do they draw the line?  You can still construct your
software in such a way that there is a clean boundary between the
crypto stuff and the rest.

For example, could you have an application with a function:

	authenticate_user (int file_descriptor)

which in the exportable version sends a password, and in the domestic 
version constructs some sort of authenticator?

Could you have an xdr-like function which in an exportable version
just does argument marshaling and in a domestic version also encrypts?

How exactly are crypto-hooks defined?  This restriction seems orders
of magnitude more bogus than even the ban on exporting actual
encryption.

David





