From owner-freebsd-questions Mon Jun 18 3:26:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mail.freebsd-corp-net-guide.com (mail.freebsd-corp-net-guide.com [206.29.169.15])
    by hub.freebsd.org (Postfix) with ESMTP id 066AC37B401
    for ; Mon, 18 Jun 2001 03:26:43 -0700 (PDT)
    (envelope-from tedm@toybox.placo.com)
Received: from tedm.placo.com (nat-rtr.freebsd-corp-net-guide.com [206.29.168.154])
    by mail.freebsd-corp-net-guide.com (8.11.1/8.11.1) with SMTP id f5IAQLl64707;
    Mon, 18 Jun 2001 03:26:22 -0700 (PDT)
    (envelope-from tedm@toybox.placo.com)
From: "Ted Mittelstaedt"
To: "Toomas Aas" ,
Subject: RE: Export restrictions for Kerberos?
Date: Mon, 18 Jun 2001 03:26:21 -0700
Message-ID: <000001c0f7e1$1e81cfe0$1401a8c0@tedm.placo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <200106171948.f5HJmvO30279@lv.raad.tartu.ee>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

In the US high encryption software and algorithms are considered munitions and you must get a waiver from the Commerce department to export them. More information on this is located here:

http://www.bxa.doc.gov/Encryption/Default.htm

However, what they don't tell you there is that there was a ruling: on May 6, 1999, the Ninth Circuit issued a decision in Bernstein v. Department of Commerce holding that the export controls violate the First Amendment as applied to encryption "source code," and further holding that the export controls on other encryption products cannot be judicially severed from those on encryption source code.

Anyway, as you might imagine the US Government appealed and the Ninth granted the appeal - since then the government has been attempting various moves to delay and delay resolution on this case. There was a new liberalized set of encryption regulations released but it primarily fast tracks mass-market 64 bit encryption.

In the Open Source community, the usual method of dealing with this stupidity is for an archive server located outside the US to act as a source for the restricted software.

The stupid part of all this is that the child porno people, drug dealers and foreign spies in the US by now all routinely encrypt at 128 bit or above, so the net effect of this stupidity is that the law-abiding citizens in the US are the ones penalized. It's not like the generally used high-encryption algorithms are any big secret; they are available in archive servers across the globe.

The real root of the problem is that the Defence department is playing this big delaying game with encryption to attempt to keep people using old, easily crackable encryption schemes. However, there's a fundamental conflict with the First Amendment in the US on this issue. Ultimately, it's going to end up in front of the Supreme Court which is why the Presidential election in the US and the subsequent changes in the US Senate have been so critical. It was touch and go there for a while with the conservatives poised to stuff the court, but with the reverting of the Senate back to the liberals, we will probably end up with some moderates on the court, so there's a good chance that in the next 5 years we will see the crypto regulations completely removed.

Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Toomas Aas
>Sent: Sunday, June 17, 2001 12:49 PM
>To: freebsd-questions@FreeBSD.ORG
>Subject: Export restrictions for Kerberos?
>
>
>Hello!
>
>I tried to install krb5 and it basically told me that it is
>illegal to do so outside of the U.S., because Kerberos contains
>encryption software that cannot be exported from U.S.
>
>I admit that U.S. legislation is not one of my fields of
>expertise, however, I remember hearing some time ago that a lot
>of U.S. export restrictions for cryptography were removed.
>
>Is Kerberos still considered "too good" to be exported from
>U.S.? If so, what alternatives do you recommend?
>
>--
>Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
>* The cost of living hasn't affected its popularity.
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message