[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Java Crypto API questions
At 11:52 PM 6/3/96 -0700, Lucky Green wrote:
>At 16:22 6/3/96, jim bell wrote:
>
>>A signature is just that: A signature. It doesn't encrypt or decrypt. It
>>doesn't even ALLOW the system it's in to encrypt or decrypt, because there
>>are numerous encryption programs written that have no need for such a
>>signature. If no program existed which _used_ that signature, nobody would
>>think twice about exporting it.
>>
>>The fact is, it is LEGAL to import encryption code into the US. It is LEGAL
>>to generate an hash of that code, and it is LEGAL to export that hash. To
>>believe otherwise is to broadly expand the scope of export laws far beyond
>>what they were intended to mean.
>
>First, the ITAR are not laws, but regulations. Second, there are many that
>believe that applying ITAR to crypto software is already expanding the
>scope of the regulations far beyond what they were intended to mean.
I agree. Which is why I think any acquiescence by Microsoft on the subject
of exportability of signatures is wrong. Let the government press its case,
if it wants to try. Don't assist it, even rhetorically.
Jim Bell
[email protected]