Export Considerations
Matt Johnston
matt at ucc.asn.au
Wed Oct 25 20:56:20 WST 2006
On Wed, Oct 25, 2006 at 08:22:09AM -0400, Bill Smith wrote:
> I was curious if anyone has had to deal with US (or other) export
> considerations regarding key size, etc. Is there a way to restrict
> keysize with dropbear to meet export requirements? I know that it makes
> for a weaker cipher but it would still be better then straight telnet.
The smallest encryption keysize defined in the spec
(rfc4253) is 128 bits, so you're not going to manage it
there if you want interoperability with other SSH clients. I
guess it's technically possible to disclose say half the key via
some covert channel, though I'd really advise against that -
backdoors tend to scare people away quite effectively.
(Please, call it something other than Dropbear if you do that ;)
I was under the impression that US export restrictions have
been relaxed to allow most exports, possibly with a one-time
review? (Excluding the usual Cuba, Iran, Iraq, Libya, North
Korea, Sudan, and Syria [1] where any kind of trade is
tricky.)
Matt
[1] http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#us_1
More information about the Dropbear
mailing list