[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pegasus Mail 2.20



> From:          Rich Salz <[email protected]>
> Date:          Thu, 9 Nov 1995 07:50:44 -0500
> To:            [email protected]
> Subject:       Re:  Pegasus Mail 2.20
> Cc:            [email protected]

> I sure hope some tells David Harris that his program is now export
> controlled.  From my reading of his message, it seemed like he thinks he
> "beat the system" because he didn't include actual crypto code.
> 
> Software that says "plug your own crypto here" is considered an anciliarry
> device according to the ITAR.  Or, as I heard some NSA people call it,
> "the classic 'crypto with a hole'."  Seems kinda silly that the hole is
> the crypto, but hey that anciliiary device clause, you just gotta love
> it.
> 
> If Pegasus mail were written to support generic user-loadable content
> transforms, that would be different.  But even then, you have to be careful
> how that's done.  If just did some global search-and-replace and came up
> with "keyed compression" you wouldn't get past anyone.  But if you had an
> opaque state block that the user modules could set/use/clear, and you
> passed that along with your in/out buffers, then you'd be safe.  Of course,
> they'd know what is really going on, but are powerless to prevent it.
> 	/r$
> 

   Actually, David Harris is a citizen of New Zealand. If the US government 
tries anything, at least we'll know if ITAR applies to foreign written 
freeware.
[email protected]http://www.ionet.net/~scottst--
   >~<^xXx       | "The Internet is simply a means of 
        xX   #   | communication. Efforts to stop infor-
      (XXX) #    | mation by enjoining it are doomed to
    (XXXXXXX)    | failure in a free society."
DON'T TREAD ON ME|        -- Prof. Frank Tuerkheimer
========================================================
=========NSA trip phrase of the week: DEUTERIUM=========