Re: Intent to package: SRP
Ossama Othman writes:
> > The Secure Remote Password (SRP) distribution is a secure
> > authentication and key exchange system which protects existing
> > protocols from both passive and active network intrusions.
> Since you are in the US, won't US export restrictions be an issue here?
> Shouldn't someone outside the US package it? If the source is here in the
> US, how do you keep it from leaving the country? Perhaps I am missing
> something. Sorry if I am.
SRP has two functions: It secures the authentication process itself
(i.e. protects the password from eavesdroppers, prevents unauthorized
users from logging in) and it exchanges keys for session encryption.
The former function is not export-controlled, and SRP can be distributed
freely as an authentication-only package.
On the other hand, having encrypted sessions is a big win, so you have
a good point about having a non-US developer package it. Perhaps an
authentication-only domestic package and a 128-bit crypto-enabled
package available from overseas would be best.
Tom Wu * finger -l firstname.lastname@example.org for PGP key *
E-mail: tjw@cs.Stanford.EDU "The box said 'Requires Windows 95, NT,
Phone: (650) 723-1565 or better,' so I installed Linux."