[ECOS] Protecting RedBoot in the field

Gary Thomas gthomas@ecoscentric.com
Tue Nov 5 06:33:00 GMT 2002


On Mon, 2002-11-04 at 22:40, Jonathan Larmour wrote:
> Gary Thomas wrote:
> > On Mon, 2002-10-28 at 08:17, Andrew Lunn wrote:
> > 
> >>>That said, I think a password (stored in 'fconfig') would be a
> >>>great addition.
> >>
> >>I wondered about encrypting the passwd so its not plain text. But does
> >>that get is into US export regulation problems? Is crypt(3) still
> >>under restrictions? Can anybody suggest an alternative?
> > 
> > 
> > The restrictions on most simple algorithms (IIRC less than 56 bit
> > keys) have been lifted for a couple of years.
> 
> Alas it isn't as simple as that: there are different regulations depending 
> on the nature of the thing containing encryption and key length among 
> other things. In summary, you can be granted an export licence for freely 
> downloadable software fairly readily, but each submission requires a 
> submission to the US BXA. Any times the encryption code is modified a new 
> application is required. Who knows what happens with download mirror sites.
> 
> Note that things would become more difficult for commercial 
> redistributors/vendors of eCos (especially with the GPL involved) if stuff 
> like OpenSSL was properly integrated. It would no longer have the 
> exemptions associated with being "freely available", primarily the onerous 
> post-export reporting ones.
> 
> After a google, this is the best summary of the current status I could find:
> http://www.fas.org/irp/news/2000/01/000113-crypto-bxa.htm
> 
> That's why (unfortunately) OpenSSL is best left distributed only in the 
> Free world.

The way I read it, code which was derived from open source is
exempt, period.  Look at TSU -- §§740.13(e) on this page:
  http://www.bxa.doc.gov/Encryption/lechart1.htm
straight from the BXA themselves.

-- 
------------------------------------------------------------
Gary Thomas                  |
eCosCentric, Ltd.            |  
+1 (970) 229-1963            |  eCos & RedBoot experts
gthomas@ecoscentric.com      |
http://www.ecoscentric.com/  |
------------------------------------------------------------


--
Before posting, please read the FAQ: http://sources.redhat.com/fom/ecos
and search the list archive: http://sources.redhat.com/ml/ecos-discuss



More information about the Ecos-discuss mailing list