At 10:42 AM 10/7/99 -0400, Salz, Rich wrote:
> >I'd be very thankfull if you, or anyone, could point me to the text of
> >the law that actually forbids export of "crypto with a hole".
>
>However, that's all the past. The current regulations are pretty
>explicit. You can find them at
>http://www.bxa.doc.gov/Regulations/encreg.pdf
>which is
> _Federal_Register_
> Vol 61 #251
> Monday Dec 30 1996
> Page 68573
Might I point out that the DES policy mentioned on p.68573 of the
above referenced document expired on 12/31/98? I'd hardly call that
"current." In any case, its basic premise that export approval
should be tied to key recovery is now pretty much dead.
At best, the policies in this document were inconsistent and
they were certainly inconsistently applied. (For example, CAPI and
some CDSA variants received export approval because they contained
certain absurd and futile attempts to foil the implementation of 3DES
while commercial 3DES products were denied licenses. The reasoning
seemed to be that national security was not threatened by enabling someone
to build his own "howitzer" with only 10 lines of C code, but it was
threatened by you building it for him... regardless of whether or not
he could download a pre-built howitzer for free over the Internet. <g>)
Let's hope that the new set of regulations that are to emerge in the
next few months will make more sense.
-mjm
==========
Michael J. Markowitz, Ph.D. Email: [EMAIL PROTECTED]
Vice President R&D Voice: 847-405-0500
Information Security Corporation 708-445-1704
1011 Lake Street, Suite 212 Fax: 847-405-0506
Oak Park, IL 60301 WWW: http://www.infoseccorp.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
