[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: I need exportable crypto revisited.
> "Perry E. Metzger" <[email protected]> writes:
> If you have hooks for arbitrary encryption, you will find it to be
> virtually impossible to export the product.
That's my understanding also (as I told him in e-mail) but I haven't found
any legal justification for it. I spent a while poring over the ITARs,
section XIII.b (ftp://ftp.cygnus.com/pub/export/itar.in.full), and I
didn't see anything that looked likely. Maybe "ancillary equipment" in
XIII.b.5, but that seems a stretch and is not at all specific.
I note that hash algorithms for message authentication are specifically
excluded from control in XIII.b.1.vi, which conflicts with what I was told
by somebody who'd gotten a nastygram from Commerce. Sort of a relief,
since I've been giving my SHA implementation away freely
(rand.org:pub/jim/sha.tar.gz).
Has anybody who's been impaled on the stinky end of this stick been told the
chapter and verse?
Jim Gillogly
Sterday, 26 Wedmath S.R. 1995, 00:21