Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!snorkelwacker!apple!agate!shelby!MIT.EDU!Saltzer From: Saltzer@MIT.EDU (Jerome H Saltzer) Newsgroups: comp.protocols.kerberos Subject: Re: So much for kerberos in Ultrix 4.0 (outside the USA) Message-ID: <9010051459.AA01000@PTT.LCS.MIT.EDU> Date: 5 Oct 90 14:59:20 GMT References: <1322@surf.sics.bu.oz> Sender: Organization: Internet-USENET Gateway at Stanford University Lines: 34 > (For those that don't know, DEC claimed that kerberos with full encryption > (in binary form only) was being sent will all versions with ultrix 4, > including sites outside of the USA) > > What do I find, NO DES ENCRYPTION ROUTINES IN THE DES LIBRARY !!! Eric, What you found in the Ultrix distribution is precisely what one would expect to find if Digital had pushed everything to the limit currently permitted by U.S. export controls. (The current interpretation permits encryption routines to be included in an authentication system but only if they embedded in such a way that they not easily accessible for general purpose use.) So the complaint you have is not with the distribution itself--the people who put it together did everything the law allowed. If there is a complaint, it is with whatever Digital may have said would be in the distribution. I haven't seen that description, but it would be interesting, in light of your observation, to go back and review that description carefully. Since the word "binary" is used both to mean "inside a loaded image" and "in the form of a *.o file" there is certainly the possibility of simple misinterpretation--especially after the message has passed through a couple of intermediaries who aren't fully aware that there is a difference. Another possible source of misinterpretation is that a lot of possible distribution methods have been discussed: with no encryption at all, with DES replace with a light-weight encryption system, with hooks for your own encryption, and with real DES. Is it possible that the message Digital was trying to deliver was that they had chosen the last possibility rather than one of the others? Jerry Saltzer