[2786] in cryptography@c2.net mail archive
Re: FYI: I believe Microsoft has knowingly violated the
daemon@ATHENA.MIT.EDU (Bill Stewart)
Mon Jun 1 10:30:44 1998
Date: Fri, 29 May 1998 09:38:46 -0700
To: Marc Horowitz <marc@cygnus.com>, Tom Perrine <tep@SDSC.EDU>
From: Bill Stewart <bill.stewart@pobox.com>
Cc: reinhold@world.std.com, rsalz@shore.net, cryptography@c2.net
In-Reply-To: <t53som4rauc.fsf@rover.cygnus.com>
At 03:39 PM 5/20/98 -0400, Marc Horowitz wrote:
>>> I think that part of the issue is that Kerberos was deemed to be
>>> non-exportable if the calls to the crypto libraries were left in, but
>>> the called crypto libraries were left out.
>
>Your understanding of this situation is incorrect. MIT had to remove
>the *calls* from the source, as well as the crypto code.
That was never clear - the law was never clearly defined or objective,
and MIT took a very conservative approach to make sure they were safe.
Would leaving the calls in the source have been legal? Maybe, maybe not,
and the procedures for export approval included subjective non-reviewable
decisions by the NSA; leaving out the calls put them in very safe territory,
and let them set some positive precedent.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
