Saltzer@ALLSPICE.LCS.MIT.EDU (Jerry Saltzer) (06/22/89)
From: Scott Lawrence <lawrence@s47.prime.com> Date: Wed, 21 Jun 89 09:41:16 EST At last weeks NIST OSI Implementors Workshop Security SIG meeting, Lou Giles of the NSA said that the government is officially relaxing some of the restrictions on export of strong cryptography. Wherever cryptography is used only to provide authentication and integrity services, but does not provide a confidentiality service, export will be permitted regardless of the strength of the cryptography (I specifically asked about both DES and RSA). Licenses will be issued by the Dept of Commerce rather than the Dept of State, which will continue to control export of cryptography for confidentiality purposes. He expects the official announcement of the policy change to appear in the Federal Register in the next few weeks. For those of us who intend to build exportable products incorporating Kerberos, this is very good news. We will have to remove the privacy routines, but otherwise it looks like Kerberos can be made exportable. --- Unfortunately, at least on the surface this welcome change doesn't appear to help the Kerberos export situation quite as much as one might hope. But it should help some. We explored the avenue of "removing the privacy routines" quite carefully last summer and fall, because even under the old rules it was apparent that approval of export would be greatly expedited. The problem is as follows: the key subroutines in question, the ones that do encryption/decryption for authentication, are also capable of doing encryption/decryption for confidentiality; the only way to "remove" them from the point of view of confidentiality would be to make them uncallable by users other than the authentication library. That would be reasonably straightforward in a binary-only distribution of already-loaded Kerberos clients. As I understand it, it doesn't matter if the code is in there, as long as there isn't an exposed interface. Although a sufficiently motivated hacker could expose an interface that apparently is is not considered the main threat. (One client would have a problem with this removal--the one that allows users to change their own passwords, but let's leave that issue aside for the moment, because maybe one could finesse that problem with a restriction that one changes passwords by visiting the central office.) It would be somewhat harder, though perhaps still possible, to make the encryption subroutines uncallable in a binary-only distribution of the Kerberos library. The method would be to bind together a copy of the DES binary with each calling binary, and suppress the DES entry points in the result. To avoid ending up with 13 copies of the DES binary, one would probably bind all of the Kerberos library into one giant binary. Slightly awkward, but doable. The real hangup is that in a source distribution, we couldn't imagine any way to suppress access to the ability of the DES encryption and decryption routines to be used for privacy. So we still can't get Kerberos to foreign vendors, foreign customers of domestic vendors who require source, and foreign universities who want to do research on authentication based on Kerberos. Thus the situation is mixed. For binary products, the new rules may be very helpful. For source export they may not help at all. Nevertheless, it will be worth studying the new rules very carefully, to see if any other previously closed avenues are opened up, or if there is some interpretation by which they can be made to apply even to source distributions. Thanks for the report. Incidentally, another completely different approach was suggested by Li Gong at the University of Cambridge last week. He pointed out that it is possible (with much redesign) to construct a version of the Kerberos protocols that performs authentication using ONLY one-way-encryption operations. Such a protocol would be of interest for export because it would seem to be within the scope of the new rules to ship out a source distribution with the DES encryption subroutine used in a one-way mode, and the DES decryption subroutine completely omitted. Jerry Saltzer
Mills@UDEL.EDU (06/22/89)
Scott, I heard the same thing, but I gathered that per-customer licenses will still be required from Commerce. Also, I have not heard whether Commerce may declare such things Critical Technology with respect to DoD policy. Frankly, I would not be surprised if the paperwork required is not reduced, even if State no longer cares. Dave
lyndon@cs.AthabascaU.CA (Lyndon Nerenberg) (06/22/89)
Would the US gov't object if the Kerberos distribution was made
available for export *without* the libdes directory (well, keep
the documentation)? That would leave it up to the end user to
implement their own DES replacement, such as the one recently
posted to comp.sources.unix.
--
Lyndon Nerenberg VE6BBM / Computing Services / Athabasca University
{alberta,decwrl,ncc}!atha!lyndon || lyndon@cs.AthabascaU.CASaltzer@ALLSPICE.LCS.MIT.EDU (Jerry Saltzer) (06/23/89)
Lyndon Nerenberg asks, Would the US gov't object if the Kerberos distribution was made available for export *without* the libdes directory (well, keep the documentation)? That would leave it up to the end user to implement their own DES replacement, such as the one recently posted to comp.sources.unix. Douglas P. Kingston says: I assume that you are aware that there are public domain versions of DES outside the US (in particular I believe versions have been written in Australia, Finland and The Netherlands). Could Kerberos not be distributed sans the encryption routines (like Unix) and have the foreign obtain or write compatable routines. All you would need to do is publish the library interface. And Bill Sommerfeld comments: Given that there's already a foreign (Finnish) version of DES with an interface similar to the Athena DES (it looks like the original intention was that it be plug-compatible), this doesn't sound like a big problem. We can merely distribute Kerberos source without DES, and let other people find the DES library on their own... These three comments make a good point in light of the reported rule change. Unfortunately, the result isn't completely clear. The path of exporting Kerberos by omitting the DES library was explored in some depth last summer and fall. The analysis on this approach is especially baroque, but the essence is that there are at least two relevant categories of objects on which the State Department likes to maintain tight control: "encryption devices" and "ancillary encryption control devices". (Don't puzzle too long over the inclusion of software in a category labeled "devices". What matters is the definition of the category, not its label.) The DES library falls clearly into the first category, and the rest of Kerberos appears to fall into the second. By "appears", I mean that neither the Digital, the IBM, nor the M.I.T. lawyer was willing to go to bat for any other interpretation. On that basis, and following some fairly clear precedents, we concluded that (1) simply omitting the DES library wasn't enough to allow license-free export of the rest of the system, and (2) if a version of Kerberos were created that actually omitted the calls to the DES library, those sources would be exportable without the special State Department license. (The line of reasoning here seems to be that one must be very knowledgeable to put the calls back in in all the right places.) It will take some detailed study of the new rules (and perhaps some conversations with the people who created them) to see if a consequence of the rule change is that the Kerberos sources, since they constitute an authentication system, no longer have to be classified as an ancillary encryption controlling device. If so, then not only could binary versions of a slightly-limited Kerberos subsystem be exported, as I suggested yesterday, but most of the sources could be exported, too. Certainly this approach would allow our university colleagues outside the U.S. to make some progress. The possibility is sufficiently interesting that it is certainly worth pursuing. Jerry Saltzer
cme@cloud9.Stratus.COM (Carl Ellison) (06/24/89)
In article <8906230453.AA21081@PTT.LCS.MIT.EDU>, Saltzer@ALLSPICE.LCS.MIT.EDU (Jerry Saltzer) writes: [here paraphrased] 1. "ancillary encryption control devices" are controlled 2. leaving out the DES package isn't enough 3. leaving out the calls to the DES package is enough > [...] those sources would be exportable without the special > State Department license. (The line of reasoning here seems to be > that one must be very knowledgeable to put the calls back in in all > the right places.) How knowledgeable? What if the calls were commented out? If that's not good enough, what if the call lines are deleted, leaving a blank line? --Carl Ellison UUCP:: cme@cloud9.Stratus.COM SNail:: Stratus Computer; 55 Fairbanks Blvd.; Marlborough MA 01752 Disclaimer:: (of course)
richard@perle.UUCP (Richard Outerbridge) (06/24/89)
This seems fairly mindless, from a Canadian perspective. Why not just publish the interface definitions and let the foreign customers link in their own conforming DES routines - since, as is common knowledge, absolutely every foreign programmer with any interest at all in the subject already *has* a DES routine to plug in or adapt. From the sound of it the US State/Commerce Departments have improved to the point that now they're only *five* years behind the times! -- Richard Outerbridge <uunet!mnetor!perle!richard> (416)-299-4999 CI$: [71755,204] CONNECT/DELPHI/GEnie: OUTER Home: (416)-961-4757 -- just an eccentric soul with a curiosity for the bizarre --
karn@ka9q.bellcore.com (Phil Karn) (06/25/89)
This whole subject of export controls on software that is freely available to one and all in the US is really starting to get to me. Is there even one person in the State or Defense Departments who sincerely believes that the Soviets (or any other country with an interest) doesn't already have a copy of Kerberos, complete with encryption routines? If so, they're further out of touch with reality than I thought. Kerberos has been available by anonymous FTP for months. And at least three other public domain DES encryption packages have been available for many years by anonymous FTP from various sites, not to mention public access bulletin boards, sneakernet, floppies in the mail, etc. And then there are at least two internationally-published textbooks (Numerical Recipes, all versions, and both editions of Tannenbaum's Computer Networks) and one magazine article (Byte, April 1979) that contain complete source code listings of DES in Fortran, Pascal, C and even 6502 assembler. And there are dozens more books and articles that describe the DES algorithms in complete detail, if we can make the rash assumption that there are actually some competent computer programmers outside the US. It's time to put an end to this silly "export control" nonsense, with a lawsuit if necessary. American computer people have better things to do with their time than deal with regulations totally devoid of common sense. Phil
sjs@spectral.ctt.bellcore.com (Stan Switzer) (06/26/89)
In article <17031@bellcore.bellcore.com> karn@ka9q.bellcore.com (Phil Karn) writes: > > This whole subject of export controls on software that is freely available > to one and all in the US is really starting to get to me. Is there even one > person in the State or Defense Departments who sincerely believes that the > Soviets (or any other country with an interest) doesn't already have a copy > of Kerberos, complete with encryption routines? If so, they're further out > of touch with reality than I thought. This is a case of what I call the "Do something" mentality. The US is losing its advantage in the arena of international commerce. SOMEBODY HAS GOT TO DO SOMETHING! So... We identify our commercial and technological position as a strategic asset. But this very technology is easily available to anyone who cares to find it. SOMEBODY HAS GOT TO DO SOMETHING! So... We encumber our leading edge companies with export restrictions (which although they do NOTHING to achieve their desired goal) makes politicians and bureaucrats feel like they have "done something." > It's time to put an end to this silly "export control" nonsense, with a > lawsuit if necessary. American computer people have better things to do > with their time than deal with regulations totally devoid of common sense. Meanwhile those companies having the financial resources to "do something" about THIS problem enjoy a virtual hegemony over the domestic market and see no reason to rock the boat over such an issue. After all, it encumbers their competitors more than it does them. And once again we end up wasting valuable talent and resources tackling problems of our own making rather than figuring our how to deliver a better product. But you'll never catch ME saying that "somebody has got to do something." No thanks, enough is enough. > Phil Stan
boomer@athena.mit.edu (Don Alvarez) (06/27/89)
Phil Karn says > > It's time to put an end to this silly "export control" nonsense, with a > lawsuit if necessary. > Henry Mensch says: > > but the government has lots of lawyers ... Please allow me to begin the first comp.protocols.kerberos anti-flame flame. This is not flames.legal, flames.export.control.laws, flames.politics, or even alt.assign.blame.for.US.corporate.failures. This is a forum for discussing KERBEROS (like in the title, you know?). How to accomplish the goals of kerberos within the existing or proposed legal environment is an appropriate subject for discussion here. What you want the laws to look like or why you think the laws are bad are not appropriate for comp.protocols. thank you, and I apologize for my flame. -Don Alvarez -- + -------------------------------------------------------------------------- + | Don Alvarez M.I.T. Center For Space Research (617) 253-7457 | | boomer@SPACE.MIT.EDU Moving Soon: Princeton University Gravity Lab 8/89 | + -------------------------------------------------------------------------- +
cme@cloud9.Stratus.COM (Carl Ellison) (06/27/89)
In article <8906260619.AA06004@nyunga.SICS.BU.OZ.AU>, munnari!SICS.BU.oz.au!henry@UUNET.UU.NET (Henry Mensch) writes: > Phil Karn sez: > It's time to put an end to this silly "export control" nonsense, with a > lawsuit if necessary. > all fine and well, but the government has lots of lawyers (and > resources in general) to fight such a battle with. who is going to > fight this battle (and provide said resources) for the "common sense" > side? Obviously, no individual or small company has enough money or free lawyers to battle the government on this issue. However, there's always the '60s approach: be totally poor, devoid of resources, and if the government gets on your case, raise a stink in the press, defend yourself without a lawyer, .... Any volunteers? --Carl Ellison UUCP:: cme@cloud9.Stratus.COM SNail:: Stratus Computer; 55 Fairbanks Blvd.; Marlborough MA 01752 Disclaimer:: (of course)
henry@UUNET.UU.NET (Henry Mensch) (06/27/89)
Phil Karn sez: It's time to put an end to this silly "export control" nonsense, with a lawsuit if necessary. all fine and well, but the government has lots of lawyers (and resources in general) to fight such a battle with. who is going to fight this battle (and provide said resources) for the "common sense" side? -- henry mensch --------
lyndon@cs.AthabascaU.CA (Lyndon Nerenberg) (06/27/89)
In article <12218@bloom-beacon.MIT.EDU> boomer@space.mit.edu (Don Alvarez) writes: >This is a forum for discussing KERBEROS (like in the title, you know?). Yup - this is starting to wander. In closing the topic I will say that I've received email indicating that Canada ***might*** be exempt from the export restrictions. I have my doubts about this, but will check into it. What I would like to do is contact the appropriate US gov't agency to see what would be involved in us obtaining the necessary export license to obtain Kerberos. If anyone can give me an address, phone number, and (preferably) a name of someone in the US gov't who can authoratatively talk to me about this, please forward the information via E-MAIL. Thanks. -- Lyndon Nerenberg VE6BBM / Computing Services / Athabasca University {alberta,decwrl,ncc}!atha!lyndon || lyndon@cs.AthabascaU.CA If everyone quit smoking, drinking, and buying gas, the nation would probably go bankrupt.