From: uri@watson.ibm.com
Date: Fri, 15 Jan 93 13:26:42 PST
To: opac!brian%OPAC.osl.or.gov@CS.ORST.EDU (BRIAN MCBEE)
Subject: Re: use of ripem instead of pgp
In-Reply-To: <00966A50.87B655C0.23058@OPAC.OSL.OR.GOV>
Message-ID: <9301152125.AA19820@buoy.watson.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain


BRIAN MCBEE says:
> Since the only reason we are talking about RIPEM is because of legality
> concerns about PGP, I thought I'd mention that it is (at least theoretically)
> illegal to export RIPEM from the US, annd therefore could not be legally used
> to correspond with persons overseas.

RSAREF isn't legally exportable - that's correct. But RIPEM certainly
is. And there's nothing to prevent those overseas from using RIPEM
with whatever RSA and DES implementations they wish (they have at
least three good ones to choose from :-).

> I don't know if there is a legal way to do public key cryptography between
> persons inside the US and persons outside the US.

a) If "they" teach PGP to understand PEM - we could use RIPEM here
   to talk to them (they will use PGP, naturally).

b) If they get legal RIPEM and marry it with RSA/DES - we could talk
   with them using RIPEM on both ends.
--
Regards,
Uri         uri@watson.ibm.com      scifi!angmar!uri 	N2RIU
-----------
<Disclamer>