When we got an export license for Stronghold earlier this year (don't ask),
the process consisted of filling out an application form listing the types
of encryption and ciphers supported, key sizes supported, etc., then
answering a few follow-up questions of that sort from some NSA staffer, and
then pestering them for 5 or 6 weeks until they provided a response. No
source code review.
--Steve Cook
At 01:27 PM 9/16/99 -0700, Tom Weinstein wrote:
>John Gilmore wrote:
>>
>> There's a vague and undefined term in the press leaks so far:
>>
>> One-Time Technical Review
>>
>> What does this mean? It appeared in some early crypto liberalization
>> bills floated in Congressional committees.
>
>Based on my previous experience with the export process, here's what I think
>this means:
>
> You have to tell the NSA what you're doing and let them think
> about it for a while. You'll have to answer any questions they
> have, but they aren't likely to ask for source code. It's not
> something you want to do the week before you ship. It's a process
> that's likely to take a couple months and involve more than one
> face to face meeting with NSA people.
>
>Of course it may mean something completely different. I've been surprised by
>what the NSA does more often than not.
--
Steve Cook e-mail: [EMAIL PROTECTED]
C2Net Software, Inc. http://www.c2.net/
1440 Broadway, Suite 700 fax: 510-986-8777
Oakland, CA 94612 USA tel: 510-986-8770 Ext. 312
