Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Jun 2001 03:26:21 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Toomas Aas" <toomas.aas@raad.tartu.ee>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Export restrictions for Kerberos?
Message-ID:  <000001c0f7e1$1e81cfe0$1401a8c0@tedm.placo.com>
In-Reply-To: <200106171948.f5HJmvO30279@lv.raad.tartu.ee>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
In the US high encryption software and algorithims are
considered munitions and you must get a wavier from
the Commerce department to export them.  More information
on this is located here:

http://www.bxa.doc.gov/Encryption/Default.htm

However, what they don't tell you there is that there was
a ruling on May 6, 1999, the Ninth Circuit issued a decision
in Bernstein v. Department of Commerce holding that the export
controls violate the First Amendment as applied to encryption
"source code," and further holding that the export controls
on other encryption products cannot be judicially severed
from those on encryption source code.

Anyway, as you might imagine the US Government appealed and
the Ninth granted the appeal - since then the government has
been attempting various moves to delay and delay resolution
on this case.

There was a new liberalized set of encryption regulations
released but it primariarly fast tracks mass-market 64 bit
encryption.

In the Open Source community, the usual method of dealing
with this stupidity is for an archive server located outside
the US to act as a source for the restricted software.

The stupid part of all this is that the child porno people,
drug dealers and foreign spies in the US by now all routinely
encrypt at 128 bit or above, so the net effect of this stupidity is
that the law-abiding citizens in the US are the ones penalized.
It's not like the generally used high-encryption algorithems
are any big secret, they are available in archive servers across
the globe.

The real root of the problem is that the Defence department
is playing this big delaying game with encryption to attempt to
keep people using old, easily crackable encryption schemes.
However, there's a fundamental conflict with the First Amendment
in the US on this issue.  Ultimately, it's going to end up in
front of the Supreme Court which is why the Presidential election
in the US and the subsequent changes in the US Senate have been
so critical.  It was touch and go there for a while with the
conservatives poised to stuff the court, but with the reverting of
the Senate back to the liberals, we will probably end up with some
moderates on the court, so there's a good chance that in the next
5 years we will see the crypto regulations completely removed.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com


>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Toomas Aas
>Sent: Sunday, June 17, 2001 12:49 PM
>To: freebsd-questions@FreeBSD.ORG
>Subject: Export restrictions for Kerberos?
>
>
>Hello!
>
>I tried to install krb5 and it basically told me that it is 
>illegal to do so outside of the U.S., because Kerberos contains 
>encryption software that cannot be exported from U.S.
>
>I admit that U.S. legislation is not one of my fields of 
>expertise, however, I remember hearing some time ago that lot 
>of U.S. export restrictions for cryptography were removed.
>
>Is Kerberos still considered "too good" to be exported from 
>U.S.? If so, what alternatives do you recommend?
>
>--
>Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
>* The cost of living hasn't affected its popularity.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?000001c0f7e1$1e81cfe0$1401a8c0>