From: jthomas@kolanut.mitre.org (Joe Thomas)
Date: Fri, 15 Jan 93 13:35:21 PST
To: cypherpunks@toad.com
Subject: Re: use of ripem instead of pgp
Message-ID: <9301152131.AA01479@kolanut>
MIME-Version: 1.0
Content-Type: text/plain


BRIAN MCBEE <opac!brian%OPAC.osl.or.gov@cs.orst.edu> writes:
>Since the only reason we are talking about RIPEM is because of  
legality 

>concerns about PGP, I thought I'd mention that it is (at least  
theoretically) 

>illegal to export RIPEM from the US, annd therefore could not be  
legally used 

>to correspond with persons overseas.

>I don't know if there is a legal way to do public key cryptography  
between 

>persons inside the US and persons outside the US.

What is illegal to export is the software implementations of strong  
cryptography, not messages encrypted with them, or even detailed  
specifications of how to implement compatible software.  So,  
theoretically, if a group in each COCOM-complying country and a group  
out of the reach of COCOM each independently implemented software to  
do the public-key cryptography (the U.S. group is the only one that  
will have to worry about licensing PKP's patents), then trading  
encrypted mail would be unquestionably legal.

It would also be a lot of wasted work and duplicated effort, and I  
don't see any reason to respect the laws that make exporting or  
importing this software illegal.  RIPEM has no doubt escaped the U.S.  
since RSADSI put it up for anonymous FTP last week, and PGP is  
everywhere.

Joe