[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Response to CJ request for Applied Cryptography



I had to revise my second filing slightly. Early Wednesday morning,
I got a phone call from Maj. Gary Oncale stating that my title was too
vague. He asked me to resubmit it using a more specific title, so I did.
I've appended the revised version here. The only change is the title in
the second subject line.

I called him back later on Wednesday afternoon to confirm receipt. He
had received it, but had not yet assigned an official case number. He
thought the number would probably be 079-94.  I haven't called back to
verify this yet, I will try to remember to do so tomorrow. --Phil

					Phil Karn
					7431 Teasdale Avenue
					San Diego, CA 92122
					[email protected] (Internet)
					619-587-8281 (voice)
					619-587-1825 (fax)


ATTN: Maj Gary Oncale - 15 Day CJ Request
U.S. Department of State
Office of Defense Trade Controls
PM/DTC SA-6 Room 200
1701 N. Fort Myer Drive
Arlington, VA  22209-3113
Fax +1 703 875 5845

ATTN: 15 Day CJ Request Coordinator
National Security Agency
P.O. Box 246
Annapolis Junction, MD  20701


Subject:  Mass Market Software with Encryption - 15 Day Expedited Review
	  Requested

Subject:  Commodity Jurisdiction Request for
		"APPLIED CRYPTOGRAPHY SOURCE CODE DISK"


INTRODUCTION

This is a Commodity Jurisdiction Request for mass market software with
encryption capabilities.  It is a followup to an earlier CJR (case
038-94, dated February 12, 1994) regarding the book "Applied
Cryptography" by Bruce Schneier, published by John Wiley and Sons,
ISBN 0-471-59756-2.

In your reply of March 2, 1994, you explicitly limited your
determination that the item was outside State jurisdiction to the book
itself, explicitly excluding the source code diskettes available from
the author. Hence my second request.

The newly released diskette that is the subject of the present request
should not be confused with the more comprehensive two-diskette set
also available from the author. This new diskette is strictly limited
to the source code that already appears in the book, which you have
already determined to be public domain. Character by character, the
information is exactly the same. The only difference is the medium:
magnetic impulses on mylar rather than inked characters on paper.

I have no DTC registration code.

I have reviewed and determined that this diskette, the subject of this
CJ request, meets paragraph 1 of the "Criteria for Determining the
Eligibility of A Mass Market Software Product for Expedited Handling."

I base this determination on the following facts:

a) this diskette is readily available from the author by mail-order,
thus qualifying it as mass market software;

b) sufficient documentation is included to allow installation and use
by any end user capable of compiling and executing it. To my knowledge
the author provides no "product support" as that term is generally
understood; and

c) the diskette contains source code for encryption software that
provides confidentiality.

A duplicate copy of this CJR has been sent to the 15 Day CJ Request
Coordinator.

DESCRIPTION

This diskette contains (and is limited to) the exact same source code
printed in Part 5 of "Applied Cryptography", the subject of ODTC Case
CJ 038-94. It is not to be confused with the more comprehensive
two-disk set previously released by Mr. Schneier and mentioned in his
book.

Mr. Schneier's announcement (attached) lists the contents of this
diskette.

ORIGIN OF COMMODITY

The diskette is available from Mr. Schneier, a US citizen living in the
US. The price is $15.

CURRENT USE

The software on this diskette is provided for those who wish to
incorporate encryption into their applications.

Examples of the commercial use of these ciphers include integrity
verification, authentication and confidentiality of electronic mail,
computer software, voice, video and other information in digitized
form.  For example, the Internet's Privacy Enhanced Mail (PEM) project
uses DES for confidentiality and MD5 for integrity. The Pretty Good
Privacy (PGP) package uses IDEA and MD5 for the same purposes. PGP is
now widely used around the world.

The uses of these ciphers have not changed significantly over time,
although their popularity has grown substantially.  Their present
military utility is unknown, except that it is believed that none of
these algorithms are approved for the protection of US classified
information.

SPECIAL CHARACTERISTICS

There are no military standards or specifications that this diskette is
designed to meet.  There are no special characteristics of the diskette,
including no radiation-hardening, no ballistic protection, no hard
points (the corners of the diskette are rounded), no TEMPEST
capability, no thermal and no infrared signature reduction capability,
no surveillance, and no intelligence gathering capability.  The diskette
does not use image intensification tubes.

OTHER INFORMATION

I recommend that this diskette be determined to be in the jurisdiction of
the Commerce Department.  I believe that it qualifies for the general
license GTDA for General Technical Data to All Destinations, because
it qualifies as "publicly available".

ATTACHMENTS

I have enclosed the announcement of this diskette's availability as
published over various electronic mailing lists by the author.

From: [email protected] (Bruce Schneier)
Subject: announcement
Date: Tue, 8 Mar 1994 14:21:25 -0600 (CST)

ANNOUNCING:

APPLIED CRYPTOGRAPHY SOURCE CODE DISK

This disk includes all the source code from the book, Applied Cryptography:

	Vigenere, Beauford, Variant Beauford
	Enigma
	DES
	Lucifer
	NewDES
	FEAL-8
	FEAL-NX
	REDOC III
	LOKI 91
	IDEA
	N-HASH
	MD5
	Secure Hash Algorithm (SHA)
	Secret Sharing

The code is available either on a single 5.25 or 3.5 IBM-PC disk, or
on a single 3.5 Macintosh disk.

Cost: $15


Bruce Schneier
Counterpane Systems
730 Fair Oaks Ave
Oak Park, IL  60302

(708) 524-9461
[email protected]