[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Pam and radius



   Date: Sat, 1 Mar 1997 02:15:18 +0200 (EET)
   From: Cristian Gafton <gafton@sorosis.ro>

   Wow ! How nice ! :-) I'm in Europe. What does Kerberos give me ? A 'right'
   to use pirated code ?

It's not pirated code; the MIT copyright allows anyone to use it.  As
far as getting outside of the country, we can't help someone break
U.S. law, but if someone manages to sneak it outside the U.S., that
person has violated U.S. law, and not any copyright restriction of
MIT's.  Besides, there have been some people in Europe (see the SESAME
project, which was funded by the E.U.), who have managed to get even an
export license of Kerberos source code.  

   mail/ftp is okay. I wouldn't rely on RADIUS to provide shell access, but
   for an ISP it just does the work. And can be implemented and maintained
   without worry about ITAR.


Technically speaking RADIUS uses MD5 to "encrypt" the password.  I.e.,
it is using MD5 for data hiding.  As such, techncially speaking RADIUS
requires as much of an export license as Kerberos.  It's true people
generally don't bother, and the U.S. Marines hasn't (as far as I know)
invaded, say, Romania to drag someone back to the U.S. to stand trial
for violating U.S. export control laws, but technically speaking export
of RADIUS source code probably requires an export control license, since
it is performing data-hiding.

(There's also the issue that MD5 was never intended to be used for
data-hiding, so I have some questions about cryptographic strength of
RADIUS, but that's another issue entirely.)

							- Ted



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []