
Re: [DNSOP] I think we may have a solution - DNSCurve
From: David Conrad <drc at virtualized.org>
Date: Tue, 2 Sep 2008 14:48:32 -0700

Bert,

On Aug 31, 2008, at 1:34 PM, bert hubert wrote:
> Technically, this may be true - but I got into trouble over an AES-based
> random generator, even though it does not encrypt any user supplied
> data.

Back when I was trying to get an early version of BIND shipped with  
RSA BSAFE (around the turn of the century), I got hung up with lawyers  
(coincidentally enough, including the same lawyer DJB used for his  
lawsuit against the US government over cryptography and the lawyer who  
wrote one of the books lawyers used to use for export-related matters)  
trying to figure out if we needed to get a license from the US  
government to export "munitions".  Our approach was to point out  
repeatedly that DNSSEC provided authentication only and not encryption  
(and try to ignore Rivest's "Chaffing and Winnowing" paper).  After  
about a year of fruitless discussion with the Bureau of Export  
Administration, the USG changed their policy and allowed exports with  
a self-declared license for the stuff we were doing.

> It does create problems though.

Not having looked at this (or consulted a lawyer), I would guess  
things would probably be much more complicated today given the current  
political situation as well as the fact that DNSCurve actually does do  
encryption.  But that would only be a guess...

Regards,
-drc

_______________________________________________
DNSOP mailing list
DNSOP at ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

