1995-07-28 - Re: NSA and the NCSA/Apache web servers

Header Data

From: Eric Young <eay@mincom.oz.au>
To: Greg ROSE <Greg_Rose@sibelius.sydney.sterling.com>
Message Hash: 8736329565008712d250ccea55f313e8bee81eaa857f9e4e10add7c73fd8a93e
Message ID: <Pine.HPP.3.91.950728144445.1176D-100000@saturn.mincom.oz.au>
Reply To: <9507280320.AA28749@paganini.sydney.sterling.com>
UTC Datetime: 1995-07-28 05:31:47 UTC
Raw Date: Thu, 27 Jul 95 22:31:47 PDT

Raw message

From: Eric Young <eay@mincom.oz.au>
Date: Thu, 27 Jul 95 22:31:47 PDT
To: Greg ROSE <Greg_Rose@sibelius.sydney.sterling.com>
Subject: Re: NSA and the NCSA/Apache web servers
In-Reply-To: <9507280320.AA28749@paganini.sydney.sterling.com>
Message-ID: <Pine.HPP.3.91.950728144445.1176D-100000@saturn.mincom.oz.au>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 28 Jul 1995, Greg ROSE wrote:
> A few years ago I asked Matt Blaze if he would
> publish CFS with the cryptography removed, and he
> told me that AT&T's lawyers also believed this to
> be true. (So, of course, his answer was "No".)
> The hooks are as important as the crypto code.
> 
> Interestingly though, Kerberos made it to
> Australia (Bond University I think) legally.

I was the person who put the encryption back into that version of 
kerberos (which is now called eBones).  They removed all encryption calls.

They had actually pulled out all calls to the des routines, so we had a 
'working' authentication system that encrypted nothing.
This version was called Bones (they ran a program called parania over 
Kerberos, and that left Bones :-).  When I left, we had Kerberos working 
but I had not tested against 'true' kerberos.  I believe it has been fixed 
by 'those that have followed' and now fully interoperates with MIT 
kerberos v4.  So the 'international' version of kerberos is fully legal.

BTW I wrote libdes (my DES library) as part of this work.  Luckily I have 
escaped from Kerberos/eBones when I left Bond Uni but my nights are
still haunted with memories of trying to follow the code :-).

eric (who is having far more fun putting an SSL package together :-)
--
Eric Young                  | Signature removed since it was generating
AARNet: eay@mincom.oz.au    | more followups than the message contents :-)





