Kerberos, again
FYI, CNet news reports that the US administration is considering relaxing
export controls for *source code*, not just binaries, in a nod to the
growing importance of Linux and FreeBSD.
I just wanted to remind everyone that I have MIT Kerberos5-1.1 already
packaged, and I've been working towards a year-end "affinity" release
that kerberizes slink and potato (assuming it's out the door by then. :-)
Obviously everything changes if Debian can accept the packages.
The three significant objections in the past were:
- US export restrictions (possibly removed in December, and since
Windows 2000 uses Kerberos I can't put off releasing my own
Kerberized packages any later, just to avoid the "we have Kerberos
and you don't" crap that the spinsters would otherwise try)
- MIT Kerberos 5 1.0.5 used single DES, a fairly weak cipher.
MIT Kerberos 5 1.1 uses triple DES for one type of transaction, and
work is proceeding towards adding it to others.
- Some countries ban importing strong crypto, but that's already a
problem with non-US. The kerberized packages would simply go under
a new section. (In my affinity distro, I was putting everything
under a new 'coyote' section.)
I *don't* want to start yet another debate over this matter, and I no
longer have any desire to be an official developer. (I've also tried
to give the packages away. *sigh*).
However, since Windows 2k *will* include Kerberos and the administration
has floated a trial balloon asking if the change in policy will affect
Linux, I wanted to let you know that this package is pretty much ready
to go *today.* This is a case where a Debian trial balloon might affect
US policy.
Ref:
http://news.cnet.com/news/0-1003-200-919920.html?tag=st.cn.1002.newsfd.
Bear Giles
bgiles@coyotesong.com
Reply to: