[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: I need exportable crypto revisited.

> "Perry E. Metzger" <[email protected]> writes:
> If you have hooks for arbitrary encryption, you will find it to be
> virtually impossible to export the product.

That's my understanding also (as I told him in e-mail) but I haven't found
any legal justification for it.  I spent a while poring over the ITARs,
section XIII.b (ftp://ftp.cygnus.com/pub/export/itar.in.full), and I
didn't see anything that looked likely.  Maybe "ancillary equipment" in
XIII.b.5, but that seems a stretch and is not at all specific.

I note that hash algorithms for message authentication are specifically
excluded from control in XIII.b.1.vi, which conflicts with what I was told
by somebody who'd gotten a nastygram from Commerce.  Sort of a relief,
since I've been giving my SHA implementation away freely

Has anybody who's been impaled on the stinky end of this stick been told the
chapter and verse?

	Jim Gillogly
	Sterday, 26 Wedmath S.R. 1995, 00:21