Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!bellcore!ka9q.bellcore.com!karn
From: karn@ka9q.bellcore.com (Phil Karn)
Newsgroups: comp.protocols.kerberos
Subject: Re: Change in Export Rules
Message-ID: <17031@bellcore.bellcore.com>
Date: 24 Jun 89 19:50:25 GMT
References: <8906230453.AA21081@PTT.LCS.MIT.EDU> <5835@cloud9.Stratus.COM>
Sender: news@bellcore.bellcore.com
Reply-To: karn@ka9q.bellcore.com (Phil Karn)
Organization: Secular Humanists for No-Code
Lines: 26


This whole subject of export controls on software that is freely available
to one and all in the US is really starting to get to me. Is there even one
person in the State or Defense Departments who sincerely believes that the
Soviets (or any other country with an interest) doesn't already have a copy
of Kerberos, complete with encryption routines? If so, they're further out
of touch with reality than I thought.

Kerberos has been available by anonymous FTP for months. And at least three
other public domain DES encryption packages have been available for many
years by anonymous FTP from various sites, not to mention public access
bulletin boards, sneakernet, floppies in the mail, etc.

And then there are at least two internationally-published textbooks
(Numerical Recipes, all versions, and both editions of Tannenbaum's Computer
Networks) and one magazine article (Byte, April 1979) that contain complete
source code listings of DES in Fortran, Pascal, C and even 6502 assembler.
And there are dozens more books and articles that describe the DES
algorithms in complete detail, if we can make the rash assumption that there
are actually some competent computer programmers outside the US.

It's time to put an end to this silly "export control" nonsense, with a
lawsuit if necessary.  American computer people have better things to do
with their time than deal with regulations totally devoid of common sense.

Phil