[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Exporting from Canada (was Re: Let's try breaking an SSL RC4 key)
> So? The ITAR doesn't control export to Canada. Export the source code
> to Canada, compile, validate, sign, and put on CD in Canada, and export
> to the world.
No. Export of crypto to Canada is legal because Canada prohibits the
further export of goods of U.S. origin. Before the Canadian government
will allow further export of crypto software from the U.S., there must
be lot of improvement done to the product within Canada. The exact
rules are not well defined, but with crypto I expect that the CSE
(Communications Security Establishment -- our version of the NSA)
would push for at least 50% Canadian content. So I don't expect to
see PGP being exported legally any time soon.
> I also seem to remember a while back (Mar/Apr) someone reported here that the
> Canadian bureaucrat responsible for executing import/export rules said
> that he didn't consider crypto to be restricted by Canada's rules.
I have talked with the bureaucrat that I think you are referring
to, and he said no such thing. He said that public domain crypto
software that is entirely of Canadian origin was, in his opinion
not covered. When I talked to him, he stressed that PGP is still
covered.
--
-marc