At 07:35 PM 12/1/99 +0800, Enzo Michelangeli wrote:
>----- Original Message -----
>From: David Honig <[EMAIL PROTECTED]>
>To: Bill Stewart <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
><[EMAIL PROTECTED]>
>Sent: Wednesday, December 01, 1999 5:40
>Subject: Re: 128-bit support
>
>
>> Way too funny. India recommends *not* using american security
>> software.
>
>Speaking about which: isn't Certification Authority software subject to EAR
>export controls? I'm asking because Hongkong Post (the Hong Kong Post
>Office) has announced that they will start to offer CA services (being in
>fact the first legally recognized local CA), and will use a system provided
>by HP. HP swears that there are no backdoors or covert channels to leak bits
>of the CA's root key, and Hongkong Post believes them, but then I wonder how
>they got an export license.
>
>Cheers --
>
>Enzo
A CA is for authentication. This is OK to export (and shown to
be stupid by Rivest's Chaffing & Winnowing construction).
All HP would have needed is to demonstrate you can't use
their product for arbitrary secure messaging.
IANAL.
