1994-02-16 - ITAR vs. Diffie-Hellman Key Exchange?

Header Data

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
To: jim@rsa.com
Message Hash: 6506a6c9da2f12b6610f4358f5d6c94bd2aeb0a81a4020322a537e1c94e0fdbc
Message ID: <9402160417.AA09448@anchor.ho.att.com>
Reply To: N/A
UTC Datetime: 1994-02-16 04:21:38 UTC
Raw Date: Tue, 15 Feb 94 20:21:38 PST

Raw message

From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Tue, 15 Feb 94 20:21:38 PST
To: jim@rsa.com
Subject: ITAR vs. Diffie-Hellman Key Exchange?
Message-ID: <9402160417.AA09448@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain

In the discussions about people sniffing the net and the need for encrypted
telnets, one problem that has come up is the ITAR hassles that make exporting
Kerberos politically incorrect, though John Gilmore has gotten them
to admit that the Kerberos bones is none of their businesss :-)

However, is Diffie-Hellman exportable?   After all, it's not crypto,
it's *just* key exchange, and people can plug in their own triple-DES
from the usual sources.  It looks to me like it's probably legal,
though if you were to then transmit the password by XORing with the login
key or some such probably-unsafe behaviour it might not be.

I had heard somebody say there would be an updated RSAREF version including
Diffie-Hellman key exchange, though it's not in the package I just
ftp'd from rsa.com.  Is this correct, and is there a planned release date?

		Thanks;  Bill 
# Bill Stewart  AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email bill.stewart@pleasantonca.ncr.com billstewart@attmail.com
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465