[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CJR for perl-RSA t-shirt

Here is a draft of the CJR I intend to file, for the perl-RSA t-shirt.
Please check it over for technical inaccuracies or other problems. It
should sound quite familiar, as I have shamelessly ripped off the CJR
that Phil Karn filed for the Applied Cryptography book.

Let me know what you think!


ATTN: Maj Gary Oncale - 15 Day CJ Request
U.S. Department of State
Office of Defense Trade Controls
PM/DTC SA-6 Room 200
1701 N. Fort Myer Drive
Arlington, VA  22209-3113
Fax +1 703 875 5845

ATTN: 15 Day CJ Request Coordinator
National Security Agency
P.O. Box 246
Annapolis Junction, MD  20701

Subject:  Mass Market Software with Encryption - 15 Day Expedited Review

Subject:  Commodity Jurisdiction Request for
          perl-RSA t-shirt, an encryption program


This is a Commodity Jurisdiction Request for mass market software
with encryption capabilities.  
The name of the software product is "perl-RSA t-shirt", by
Adam Back. It is published in the form of a t-shirt by Joel Furr, 916
W. Trinity Ave, #10, Durham NC 27701.

I have no DTC registration code.

I have reviewed and determined that this t-shirt, the subject of this CJ
request, meets paragraph 1 of the "Criteria for Determining the
Eligibility of A Mass Market Software Product for Expedited Handling."

I base this determination on the following facts:

a) this t-shirt is readily available from Joel Furr, and has been
shipped in quantity of several hundred copies, thus qualifying it as
mass market software;

b) sufficient documentation is included to allow installation and use
by any end user capable of typing in the software, or scanning the bar
code, and running it. Additional documentation is available on the
Internet World Wide Web at http://dcs.ex.ac.uk/~aba/rsa/ . To my
knowledge the author and publisher provide no "product support" as
that term is generally understood; and

c) the t-shirt contains encryption software source code listings that
provide confidentiality.

A duplicate copy of this CJR has been sent to the 15 Day CJ Request


The t-shirt contains an implementation of the RSA asymmetric
cryptographic algorithms. Furthermore, instructions, in the form of a
terse usage string, are given for using the implementation to provide
confidentiality. The source code of the implementation is featured
both as four lines of text and also as a bar code, making the t-shirt
machine readable as well as machine washable. The algorithm is
implemented in the Perl scripting language, and will run on any
standard Unix configuration that includes both an implementation of
the Perl language and the common "dc" (desk calculator) program.

Two copies of the shirt are included with the filing of this CJ


This t-shirt originates in the United States. While the primary author
is a citizen of the United Kingdom, living in England, other
contributors to the work are citizens of the US living in the US. The
publisher is a United States citizen living in the United States. The
t-shirts are manufactured and printed in the United States.

The cryptographic algorithm implemented in this t-shirt comes from
various sources, at various times, and was produced with both private
and public sources of funding.

The source code implementation contained in the t-shirt also comes
from a variety of countries, including Australia, Canada, the United
States and the United Kingdom.

The algorithm is thought to be designed for private and commercial
civilian use.

The t-shirt is currently publicly available from Joel Furr, at a list
price of $12.36, including shipping and handling. More ordering
information is available on the Internet World Wide Web at
http://www.danger.com/ad-perl.html .


The t-shirt is intended as an implementation of the RSA cipher for
those who wish to incorporate encryption into their communications.
The small size of the implementation makes it particularly useful in
contexts in which existing cryptographic infrastructure is not

Examples of the commercial use of the cipher implemented include
integrity verification, authentication and confidentiality of
electronic mail, computer software, voice, video and other information
in digitized form. For example, the cipher is used either by itself
for email privacy, and also as a component in other protocols that
provide privacy and authentication, including PGP (Pretty Good
Privacy), S/MIME (Secure Multipurpose Internet Mail Extensions), MOSS
(MIME Object Security Services), PEM (Privacy Enhanced Mail), and SSL
(Secure Sockets Layer).

The uses of this cipher have not changed significantly over time,
although their popularity has grown substantially. Their present
military utility is unknown, except that it is believed that the
algorithm is not approved for the protection of US classified


There are no military standards or specifications that this t-shirt is
designed to meet. There are no special characteristics of the t-shirt,
including no radiation-hardening, no ballistic protection, no hard
points (the t-shirt is only available in soft 100% cotton), no TEMPEST
capability, no thermal and no infrared signature reduction capability
(in excess of that provided by a typical black cotton t-shirt), no
surveillance, and no intelligence gathering capability. The t-shirt
does not use image intensification tubes.


I recommend that this t-shirt be determined to be in the jurisdiction
of the Commerce Department. I believe that it qualifies for the
general license GTDA for General Technical Data to All Destinations,
because it qualifies as "publicly available".


I have enclosed two copies of the t-shirt, included with the primary
filing of this CJ request.


                                        Raphael L. Levien