riordanmr@clvax1.cl.msu.edu (Mark Riordan) (03/13/91)
Archive-name: security/crypt/spx/1991-03-12
Archive-directory: crl.dec.com:/pub/DEC/SPX/ [192.58.206.2]
Original-posting-by: riordanmr@clvax1.cl.msu.edu (Mark Riordan)
Original-subject: SPX: Public key software demo free from DEC
Reposted-by: emv@ox.com (Edward Vielmetti)
I got this message by sending an email request to:
sphinx-request@dsmail.enet.dec.com
Subject: Announcing SPX Availability
Announcing the availablity of SPX Beta Release.
SPX is an authentication service that enhances the security
in open networks by using public key technology. SPX is
distributed via anonymous FTP from crl.dec.com (address
192.58.206.2). The following files can be obtained in the
/pub/DEC/SPX directory.
SPX.v2.0-beta.tar.Z - SPX sources and documentation
(without crypto algorithm sources)
SPX.v2.0-doc.tar.Z - SPX documentation only
SPX-README - SPX README notes
kit-verifier.tar.Z - sources for kit verifier program
SPX-FORMS - forms to obtain crypto algorithms
Also, for DIGITAL internal distribution, the SPX kit can be
ftp'd from crl, or copied from CRL::/pub/DEC/SPX.
Recipients can be assured that they received a valid SPX kit
from DIGITAL if the kit-verifier program returns the
following checksum specified in the SPX-README file located
on crl.dec.com in the /pub/DEC/SPX directory.
kit's name checksum
---------- --------
SPX.v2.0-beta.tar.Z ee4e5c35d2d67653f82f873759f42f34
SPX Beta Release Overview
o This version of SPX is for Beta test only.
Caution: SPX is a prototype and should NOT be relied on to
protect sensitive information. (Testing may find bugs which
are potential security holes.)
o This software is supplied "as is" with no warranty
of any kind, expressed or implied, for any purpose,
including any warranty of fitness or merchantibility.
DIGITAL assumes no responsibility for the use or
reliability of this software, nor promises to provid any
form of support for it on any basis.
o Distribution of this software is authorized only if
no profit or remuneration of any kind is received in
exchange for such distribution.
o This software produces public key authentication
certificates bearing an expiration date established by
DIGITAL and RSA Data Security, Inc. It may cease to
generate certificates after the expiration date.
Any modification of this software that changes or defeats
the expiration date or its effect is unauthorized.
o SPX distribution recipients can register users and
use the rtools.
o SPX is working towards providing a common API
interface with Kerberos. Discussions refining this
interface, in conjunction with MIT/Project Athena,
are in progress at this time. Users should be cautious
about writing applications to SPX's API. As the API
evolves, SPX users will be made aware of any changes
through the SPX distribution list.
o We expect to offer a new SPX version with bug
fixes, and comments after Beta test.
o Comments on how to improve the usability of SPX are
welcome from users.
A SPX mailing list has been created for discussions related
to the deployment of SPX public key based authentication
service. The mailing list is intended to cover a wide range
of issues including :
o Issues related to deployment of SPX, including
technical issues, deployment status, availability,
etc.
o Issues related to protocol extensions, API issues,
clarification of details, unpublished changes, etc.
Please send contributions to the list at
"sphinx@crl.dec.com". Administrative requests, e.g.,
additions to or deletions from the list, should be sent to
"sphinx-request@crl.dec.com".
If you have questions or comments, please send them by e-mail
to "sphinx-info@crl.dec.com" or mail them to :
SPX Distribution
Digital Equipment Corporation
295 Foster Street, LTN1-1/G08
Littleton, MA 01460
Fax: (508) 486-6014
The SPX kit is split into two components:
1) the kit without the sources for DES and RSA crypto
algorithms (publically available).
2) the sources for the DES and RSA crypto algorithms
(Export controlled).
However, the crypto sources will be distributed only to
individuals who declare themselves as US citizens working in
the US. Note that the kit is essentially useless without
the crypto algorithms in either source or binary form. We
are in the process of making arrangements for binary crypto
distribution outside the US.
SPX is intended to be portable software for UNIX (tm) TCP/IP
platforms. Currently, we have ported SPX for ULTRIX VAX and MIPS
platforms.
You can request the crypto sources by filling out the attached
form and returning it to us. The crypto algorithm source code
is subject to U.S. export restrictions under the U.S. Department
of State's International Traffic in Arms Regulations (22 CFR
Subchapter M).
--------------------------------------------------------------------------------
+---------------------------+ TM
| | | | | | | |
| d | i | g | i | t | a | l | M E M O R A N D U M
| | | | | | | |
+---------------------------+
Date: 11 March 1991
To: Requester From: Bruce Chase
Loc.M/S: LTN1-1/G08
Phone: (508) 486-6011
E-Mail: chase@ultra.enet.dec.com
SUBJECT: Request for SPX crypto algorithm source code
Please provide the following information in order to be granted
SPX crypto algorithm source code:
Your full name: ________________________________
Nationality: ________________________________
Affiliation: ________________________________
Department: ________________________________
Address: ________________________________
________________________________
________________________________
________________________________
Phone number: _(_____)________________________
E-Mail address: ________________________________
Following information is desired regarding your computing
environment to assist us in supporting SPX.
Number of networked systems: ________
Hardware platforms: ________________________________
________________________________
Operating Systems: ________________________________
________________________________
Network protocols: ________________________________
________________________________
What network authentication service is presently being used?
________________________________
Please reply to this request by inserting the appropriate
information. You may fax a hardcopy (with original to follow
later by mail) of this request to the following address:
SPX Distribution, Attn. Bruce Chase
Digital Equipment Corporation
295 Foster Street, LTN1-1/G08
Littleton, MA 01460
Fax: (508) 486-6014
In the event you cannot be approved for receipt of the SPX crypto
algorithm source code, you will be sent a rejection notification.
If you are approved, you will be mailed a shell archive file with
the SPX crypto sources.
The information in the SPX crypto algorithm source code is
subject to U.S. export restrictions under the U.S. Department
of State's International Traffic in Arms Regulations (22 CFR
Subchapter M).
Access to the SPX crypto algorithm source code will be granted
to you under the condition that you agree not to disclose information
found in the crypto sources to people who are not authorized access
to the information. Authorized access is granted only to those
individuals who have completed the aforementioned form and been
approved for receipt of the SPX crypto sources. This may be viewed
as an individual source license which cannot be shared. This
restriction does not apply to the base SPX code, only to the crypto
algorithm sources.
Also, SPX uses a patented RSA algorithm which is copyrighted in the
source distribution. Access to SPX sources will be granted to you
under the condition that you agree not to tamper with either the
RSA algorithm or certification authority functions. By sending you
the SPX crypto algorithm source code, Digital Equipment Corporation
is not authorizing the Requestor to use the RSA algorithm in SPX
beyond the indended use in the software.
Print name: ________________________________
Signature: ________________________________
Date: ________________________________