kauffman@UUNET.UU.NET (David Kauffman) (10/23/90)
is kerberos available via anonymous ftp? is there a licencing agreement required? do you know if a commercial implementation has been made available? thanks David Kauffman Network Management Architect Mobile Data International, Vancouver BC
jon@MIT.EDU (Jon A. Rochlis) (10/23/90)
is kerberos available via anonymous ftp?
Yes, but you (not MIT) must deal with the export issues. We make it
avaible via anonymous ftp, but clearly state that you cannot pull it
across internal boundaries. See the README referenced below for more details.
is there a licencing agreement required?
No. You may even use the code in a commerical product if you wish.
You just can't remove the MIT copyright or use MIT's name in
advertising without permission.
do you know if a commercial implementation has been made available?
Several companies have shipped products or are planning on doing so
soon. These include DEC, IBM, FTP software, OSF, and Transarc. There
are a couple of others I can't mention at this time.
-- Jon
To retrieve the distribution, ftp to ATHENA-DIST.MIT.EDU (18.71.0.38),
login as anonymous (password whatever you like, usually your
username@host), then cd to pub/kerberos.
Retrieve README.ftp, it has directions on how to get to the rest of the
software (it also contains information on who to contact for export
versions of the source code with no encryption routines).
Distribution is split compressed tar files (xxx.Z.aa, xxx.Z.ab, ...).
If you would like to retrieve documents separately, you can get them
from pub/kerberos/doc (documents) or pub/kerberos/man (manual pages).
If you prefer hardcopy of the documentation, send your address and request
to "info-kerberos@athena.mit.edu".
Alternatively, you may retrieve the source code and documentation by
sending electronic mail to 'archive-server@athena-dist.mit.edu'. The subject
line should be with 'index krb-code'. This will return an index of the
distribution. To retrieve pieces of the distribution, send mail with
a subject 'send krb-code xxxx' where xxxx is the filename as listed in
the index. To retrieve documents this way, send a message
'index krb-doc' to get the document index.
If you would like to be put on the Kerberos e-mail list
("kerberos@athena.mit.edu"), send your request to
"kerberos-request@athena.mit.edu".
This mailing list is gatewayed to the USENET newsgroup
comp.protocols.kerberos, so if you prefer to read that forum, you need
not ask to be added to kerberos@athena.mit.edu.
I would like to thank the following people for their assistance in
getting Kerberos in shape for release:
Andrew Borthwick-Leslie
Bill Bryant
Doug Church
Rob French
Dan Geer
Andrew Greene
Ken Raeburn
Jon Rochlis
Mike Shanzer
Bill Sommerfeld
Jennifer Steiner
Win Treese
Stan Zanarotti
FYI, the copyright notice:
Copyright (C) 1989 by the Massachusetts Institute of Technology
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
--------
John Kohl
MIT Project Athena/Kerberos Development Team
karn@envy.bellcore.com (Phil Karn) (10/26/90)
I hate to reopen the subject of export controls, but recently I had a chance to actually READ the relevant ITAR documents. If I understand them correctly, they no longer prohibit the export of Kerberos since it is "public domain technical data" (as defined by the rules). Here are two items I recently posted on sci.crypt: Newsgroups: sci.crypt From: karn@envy.bellcore.com (Phil Karn) Subject: Re: Cryptography and the Law... Message-ID: <1990Oct22.192542@envy.bellcore.com> Reply-To: karn@thumper.bellcore.com Date: Mon Oct 22 19:25:42 1990 In article <1990Oct16.203545.4347@odin.corp.sgi.com>, nelson@sgi.com (Nelson Bolyard) writes: |> The export of encryption technology is *controlled* (not *ban*ed) by |> two departments of the U.S. Gov't. They control it by issuing (or not |> issuing) export licenses. [...] Has anybody actually LOOKED recently at the regulations to see what they say? Yesterday I saw a copy of the International Traffic in Arms Regulations (ITARs) which are maintained by the US Department of State. It carried a November 1989 date. I was surprised to see that it now includes a blanket exemption for any "technical data" (which I interpret according to their definition to include cryptographic software) that is in the "public domain", which they define as information readily accessible to the public in any of several ways (note that this is different from the intellectual property definition of "public domain"). So it appears that the ITARs now include the same exemption for publicly available information that has long been carried in the Commerce Dept regulations. If so, it seems that there is no longer any reason to worry about the export of Kerberos, any of the various public-domain DES implementations, or indeed implementations of *any* cryptographic scheme as long as the author is willing to publish the code in the open literature. Proprietary systems would still be subject to controls. Has anybody else *recently* looked into this subject? Phil Newsgroups: sci.crypt From: karn@envy.bellcore.com (Phil Karn) Subject: Re: Cryptography and the Law... Message-ID: <1990Oct23.052418.1957@bellcore-2.bellcore.com> Reply-To: karn@thumper.bellcore.com (Phil Karn) Date: Tue, 23 Oct 90 05:24:18 GMT Here are the relevant excerpts from the International Traffic in Arms Regulations (ITAR) (22 CFR 120-130) November 1989: [Definitions] 120.18 Public domain "Public domain" means information which is published and which is generally accessible or available to the public: (a) Through sales at newsstands and bookstores; (b) Through subscriptions which are available without restriction to any individual who desires to obtain or purchase the published information; (c) Through second class mailing privileges granted by the U.S. Government; or, (d) At libraries open to the public. [US Munitions List] 121.1 (Category XIII) (b) Speech scramblers, privacy devices, cryptographic devices and software (encoding and decoding), and components specifically designed or modified therefore, ancillary equipment, and protective apparatus specifically designed or modified for such devices, components, and equipment. [Part 125 - Licenses for the export of technical data and classified defense articles] 125.1 Exports subject to this part 125.1 (a) The export controls of this part apply to the export of technical data and the export of classified defense articles. Information which is in the "public domain" (see Section 120.18) is not subject to the controls of this subchapter.