Re: unusual startup messages

Keith Rohrer (kwrohrer@uiuc.edu)
Fri, 01 Nov 1996 13:32:41 -0600

. Tethys SYSTEM ADMIN X wrote:
>
> >I see the situation like this: Linus can't code any crypto himself, since
> >that would, in effect, be exporting the code in a computer readable
> >format. I don't see, however, how they could prevent him from applying
> >a ready-made patch to a kernel residing in Finland, since in that case,
> >no crypto code would flow from the US. Viewing and downloading the patch
> >would also be allowed since AFAIK there are no import restrictions...
>
> Technically, you're right, but you haven't thought of the implications.
Maybe he just doesn't find these little things quite so terrifying as
you do:

> Yes, the patch could be written in Finland (for example), then legally
> imported into the US, and applied by Linus to the rest of the kernel.
> That would then prevent the kernel itself from being exported from the
> US. If the kernel is to be maintained in the states, it will have to be
> distributed without crypto. Users outside the US would then have to
> obtain the crypto patches and apply then to the kernel source themselves.
Ooh, I quake in terror at the day I might have to get _two_ files to
update my kernel. Really, even assuming the strong-crypt module gets
changed every version, that's not the biggie it seems. The
6-megs-compressed-and-growing main kernel could've used a split about 3
megs ago... I can definitely see a case for splitting off the SCSI
drivers, the ethernet drivers, and the highly miscellaneous (bus mouse,
proprietary CD-ROM, funky multi-port serial) drivers...

There should be either support for multiple cryptography modules in the
kernel, or support for a single cryptography module; the stock kernel
should ship with a "dummy" crypto module, or code to attempt to load a
strong crypto module and skip using it in the case of failure. The
strong cryptography module itself should be maintained in "Finland" (for
any or many values of "Finland"), and can be mirrored wherever legal and
by the USA PGP mirrors (if they're willing). Maybe Holy Linus will be
hampered a bit in fixing problems in the strong-crypt module, but given
he's already similarly hampered in fixing, say, gcc, I don't see it's a
problem. If international bandwidth gets expensive, that'll be all the
more reason to make the strong-crypt module lean and throw the rest of
the junk back into the kernel (where it may or may not belong, but at
least the kernel is mirrored much more locally in most cases).

This also lets people in France, who are allegedly not allowed to have
strong cryptography at all, use the dummy module or the igpay-atinlay
module and be legal, if they so choose.

Keith

-- 
"It moved faster.  I swear, they are evolving right before my eyes.  If 
you see something this big, with eight legs coming your way, let me 
know; I have to kill it before it develops language skills." 
	--- Ambassador Londo Mollari, in 'Sic Transit Vir' (Babylon 5)