Do not, under any circumstances, listen to any replies you get from a
FIREWALLS list.
We have no idea. For instance, ignore this:
Since the "relaxation" it has been possible, in Australia, to obtain
"strong" (3DES, for example and large RSA keys) crypto in various products.
The only requirement has been that the vendor record to whom the product was
sold. For this they usually charge an "export license" fee which is not a
license fee at all - it's a handling and admin fee. This is better than
before when only certain vertical markets (healthcare, banking) were allowed
access to real crypto. IOW strong crypto is being exported from the US into
Australia with only nominal restrictions.
However, if you want someone to tell you what's LEGAL, I really, REALLY
suggest that you talk to a government-type person in the US.
Speculation-wise, though, with the RSA patent gone and the AES being a
non-US product I don't see the US crypto restrictions being quite as
important anymore. Sure, it will still affect the finished products that can
be exported, but it means that the core crypto doesn't "belong" to the
States any more.
Cheers,
--
Ben Nagy
Network Consultant, Volante Solutions
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
> -----Original Message-----
> From: Ng, Kenneth (US) [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 11 October 2000 12:02 AM
> To: [EMAIL PROTECTED]
> Subject: off topic - current US encryption export standards
>
>
> Sorry for the off topic thread, but I am trying to find what is the
> allowable export of VPN encryption software from the US to
> countries other
> than the normal banned countries (Iraq, North Korea, Libya,
> and whomever
> else)? I've tried running some searches, but I can't find
> anything either
> useful, or at a level that I can understand. Specifically I have the
> following questions:
> - Is the export of 1024 bit key exchange allowed? If its
> restricted, how is
> it restricted?
> - For session keys, what is the current number of bits allowed to be
> exported? 40? 56? 64? 126? And what restrictions are on it?
>
> **************************************************************
> ***************
> The information in this email is confidential and may be
> legally privileged.
> It is intended solely for the addressee. Access to this email
> by anyone else
> is unauthorized.
>
> If you are not the intended recipient, any disclosure,
> copying, distribution
> or any action taken or omitted to be taken in reliance on it,
> is prohibited
> and may be unlawful. When addressed to our clients any
> opinions or advice
> contained in this email are subject to the terms and
> conditions expressed in
> the governing KPMG client engagement letter.
> **************************************************************
> ***************
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
