[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java Crypto API questions
At 01:13 PM 6/3/96 -0400, Simon Spero wrote:
>On Mon, 3 Jun 1996, jim bell wrote:
>>
>> But you haven't explained why somebody can't export JUST the signature. You
>> know, import the software, have Sun sign it domestically, strip off everything that isn't a
>> signature, and export the signature. Append it to the un-imported code
>> outside the country.
>
>Ancillary device... It's pretty clear cut.
Sure about that? Is a microprocessor an "ancillary device"? A DRAM module?
A hard disk? How about an operating system, which stores and retrieves
data for an encryption program? How about a BIOS? What about a keyboard?
A video display? I think that any definition of "ancillary device" which is
so broad as to include signatures just about has to include any any of these
things too, but it won't be considered such because the government has
already lost the battle on hardware exports.
A signature is just that: A signature. It doesn't encrypt or decrypt. It
doesn't even ALLOW the system it's in to encrypt or decrypt, because there
are numerous encryption programs written that have no need for such a
signature. If no program existed which _used_ that signature, nobody would
think twice about exporting it.
The fact is, it is LEGAL to import encryption code into the US. It is LEGAL
to generate an hash of that code, and it is LEGAL to export that hash. To
believe otherwise is to broadly expand the scope of export laws far beyond
what they were intended to mean.
Jim Bell
[email protected]