[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ANSWER] NIST's ftp site



> It wasn't/isn't the only ftp site in US that has fips181.txt available.
> There are other sites that still have the information.
> Besides I doubt that anyone would having problems finding sources of DES
> they are all over the net (in and out of US). 
> Clearly ITAR fails so be happy.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - blatant statements tend to get flamed so
I thought I should follow up a little.

What I mean is it clear that ITAR fails to stop the exporting of crypto (for
the individual). We have seen many examples when code has already found its
way outside the US, before it even becomes availiable to many machines in
the US (PGP,RSAREF,...). Also *most* algorithms developed in the US are 
documented extensively in text that is also available outside (with conference
proceedings, journals, etc), it is just a matter of writting the code.

Clearly if ITAR was to work it would require text exports to be banned as well.

From what I see, ITAR is only slight inconvience to the non-US individual, 
whereas it is also a major thorn to US software developers that can't 
release single versions of software containing crypto, in that they have to 
have US and Rest-of-World versions, ala PGP (unless they develop the software
outside of the US ?).

-- 
+---------------------+--------------------------------------------------+
|  ____       ___     | Justin Lister                 [email protected]  |
| |    \\   /\ __\    |     Center for Computer Security Research        |
| | |) / \_/ / |_     | Dept. Computer Science      voice: 61-42-835-114 |
| |  _ \\   /| _/     | University of Wollongong      fax: 61-42-214-329 |
| |_/ \/ \_/ |_| (tm) |     Computer Security a utopian dream...         |
|                     |  LiNuX - the only justification for using iNTeL  |
+---------------------+--------------------------------------------------+