Irene: In your email you say that "you don't think there will be any risk". Are you sure that there is no risk?
If you are not sure, then I would recommend that you send your analysis to the ef-core at sun.com mail alias so that the security experts at Sun review your work and can verify that the Export Control Form is filled out correctly for Evolution. Does this seem like a good idea? Brian Irene (Shi Ying) Huang wrote: > Hi, all > > Looking from the code, GNUTLS has no support for RSA_PSK yet. > Only NULL encryption PSK and DHE_PSK support is added. > > PSK, as is mentioned by Jeff, is the abbreviation for Pre-shared Key > authentication. > > Definition: "Authentication using Pre-shared keys is a method to > authenticate using usernames and binary keys. This protocol avoids > making use of public key infrastructure and expensive calculations, thus > it is suitable for constraint clients." > > As for export control, NULL encryption PSK does not matters. While for > DHE_PSK, the DHE hash algorithm is used in the old version of GnuTLS. So > we don't think there will be any risk (if encrypted key exchange > algorithms are of concern for export control). > > The attached is the manual for GNULTS published on Oct 26, 2006, just > for your further reference. > > --Irene > On Tue, 2006-11-07 at 15:36 +0800, Jeff Cai wrote: >> GnuTLS is a gnu open-source project which provides a secure layer over >> a >> reliable transport layer. The TLS protocol provides communications >> privacy over the Internet. The protocol allows client/server >> applications to communicate in a way that is designed to prevent >> eavesdropping, tampering, or message forgery. >> >> It was Evolution first introduced GnuTLS to Solaris, and now both gaim >> and vino depend on it. >> >> Recently, GnuTLS in gnu community is upgraded from 1.2 to 1.4. To keep >> consistent with the community, we should upgrade it on nevada. The >> upper >> version mainly adds support for TLS Pre-Shared Key (TLS-PSK) >> ciphersuites. Pre-Shared Key is a mechanism of keys management with >> several key-exchange algorithms( PSK Key Exchange, DHE_PSK Key >> Exchange, >> RSA_PSK Key Exchange ). The purposes are to avoid the need for public >> key operations and make key management more convenient. This upgrade >> doesn't add any cryption algorithm.
