[ECOS] Protecting RedBoot in the field
Mon Nov 4 21:40:00 GMT 2002
Gary Thomas wrote:
> On Mon, 2002-10-28 at 08:17, Andrew Lunn wrote:
>>>That said, I think a password (stored in 'fconfig') would be a
>>I wondered about encrypting the passwd so its not plain text. But does
>>that get is into US export regulation problems? Is crypt(3) still
>>under restrictions? Can anybody suggest an alternative?
> The restrictions on most simple algorithms (IIRC less than 56 bit
> keys) have been lifted for a couple of years.
Alas it isn't as simple as that: there are different regulations depending
on the nature of the thing containing encryption and key length among
other things. In summary, you can be granted an export licence for freely
downloadable software fairly readily, but each submission requires a
submission to the US BXA. Any times the encryption code is modified a new
application is required. Who knows what happens with download mirror sites.
Note that things would become more difficult for commercial
redistributors/vendors of eCos (especially with the GPL involved) if stuff
like OpenSSL was properly integrated. It would no longer have the
exemptions associated with being "freely available", primarily the onerous
post-export reporting ones.
After a google, this is the best summary of the current status I could find:
That's why (unfortunately) OpenSSL is best left distributed only in the
eCosCentric http://www.eCosCentric.com/ <info@eCosCentric.com>
--[ "You can complain because roses have thorns, or you ]--
--[ can rejoice because thorns have roses." -Lincoln ]-- Opinions==mine
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss
More information about the Ecos-discuss