[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I need exportable crypto revisited.



> "Perry E. Metzger" <[email protected]> writes:
> If you have hooks for arbitrary encryption, you will find it to be
> virtually impossible to export the product.

That's my understanding also (as I told him in e-mail) but I haven't found
any legal justification for it.  I spent a while poring over the ITARs,
section XIII.b (ftp://ftp.cygnus.com/pub/export/itar.in.full), and I
didn't see anything that looked likely.  Maybe "ancillary equipment" in
XIII.b.5, but that seems a stretch and is not at all specific.

I note that hash algorithms for message authentication are specifically
excluded from control in XIII.b.1.vi, which conflicts with what I was told
by somebody who'd gotten a nastygram from Commerce.  Sort of a relief,
since I've been giving my SHA implementation away freely
(rand.org:pub/jim/sha.tar.gz).

Has anybody who's been impaled on the stinky end of this stick been told the
chapter and verse?

	Jim Gillogly
	Sterday, 26 Wedmath S.R. 1995, 00:21