[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: rc2 export limits..
keywords: ITAR, SHA, beneficial and innocuous crypto
The persistent reputation known as Bill Stewart wrote:
>Date: Wed, 04 Sep 1996 23:09:17 -0700
>From: Bill Stewart <[email protected]>
>To: Kent Briggs <[email protected]>
>Cc: [email protected]
>Subject: Re: rc2 export limits..
>I'm afraid my source is "Read it on the net and was surprised to hear it".
>My assumption is that the limit is for software that implements
>both signature and verification, since ITAR doesn't ban export of
The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in
the fine print at the beginning that SHA is export controlled. I don't
have the document to refer to right now, but it plainly states that SHA
falls under ITAR. As a cryptographic hash function, why would it be
controlled in this way?
How can I use SHA to encrypt something for someone else to decrypt? I
know how to use it for authentication; am I missing something here?
I tried that OnNet32 e-mail software from FTP software. It runs under
Windows95. It is a lot of material to download, and way too intrusive to
install. It wants to metastasize itself into the innards of Microsoft
Exchange and Inboxes, etc. What is it with all this complexity anyway?
Why not just have a POP client that will check mail on the server?
It also wants you to store your mailbox password in it, as opposed to
letting you enter it on a session-by-session basis. I don't like that.
sticking with PINE, PGP, and Xywrite II for now....