From: exabyte!smtplink!mikej@uunet.UU.NET
Date: Thu, 7 Apr 94 10:42:58 PDT
To: prz@acm.org
Subject: ftp distribution of strong crypto in the USA.
Message-ID: <9403077657.AA765739897@smtplink.exabyte.com>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

Here is how to set up an ITAR compliant (I think) ftp site that you can 
place crypto files up for distribution within the USA and Canada.  The 
exact details will vary depending on your Internet service provider.

I think the method is sound, because it is pretty much what rsa.com does, 
and they have lots of lawyers to figure this stuff out.  You should take 
a look at their site and make sure that the README file you put up is 
close to what they have.

1.  Send a message to support@netcom.com to ask them to set up an ftp 
area for you (read the faq on it, first).
2.  Create an alias in your home directory to point to the ftp directory
(something like ln -s ~ftp/name ftp)
3.  Create a directory in your ftp directory called (exactly) 
I_will_not_export.  Set its permissions with chmod 711 I_will_not_export.
4.  Create a directory under I_will_not_export called crypto_xxxxxxx, and 
set its permissions to 755 (chmod 755 crypto_xxxxxxx).  Under that 
directory, place files and/or directories for USA consumption only.
5.  Set the base ftp directory permissions to 755
cd 
cd ftp
chmod 755 .
6.  Get the files gate and newdir from my ftp directory and 
copy them to your base ftp directory.
7.  Set the permissions  on the above files to allow execution
chmod 700 gate newdir
8.  Copy crypto_dir from my ftp directory to your home directory and set 
its permissions to allow execution.
cd
cp ~ftp/mpj/crypto_dir .
chmod 700 crypto_dir
9.  Add the command crypto_dir to your .login script with an editor tool.
10.  Copy my README file to your base ftp directory, and edit to taste, 
but make sure the line with the crypto directory name is unedited.  Set 
the README file permissions to allow reading by the world (chmod 644 README).
Make sure the legal requirements to ftp are clear to the average jury.
11.  Set up .message files with appropriate messages for your directories.

The crypto directory name should be changed and README updated every time 
you log in.

Any questions?

                  ___________________________________________________________
 |\  /| |        |                                                           |
 | \/ |o|        | Michael Paul Johnson  Colorado Catacombs BBS 303-938-9654 |
 |    | | /  _   | mpj@csn.org   ftp csn.org \mpj\README.MPJ for access info.|
 |    |||/  /_\  | aka mpjohnso@nyx.cs.du.edu mikej@exabyte.com              |
 |    |||\  (    | m.p.johnson@ieee.org CIS 71331,2332    VPGP key by finger |
 |    ||| \ \_/  |___________________________________________________________|

-----BEGIN PGP SIGNATURE-----
Version: 2.4

iQCVAgUBLaQveT9nBjyFM+vFAQHU8QP+M2VGQmw5Vj6zF9i7pc+15wiwDsmdKqZj
LNXOiOQFKP51LYd+WxilU01lcLAKjqFhuCcG4iB4GCXM/4Lz3tdBRG5SB7k3BrBz
BpsOi8kjlQKsTlbR8aI8S9TbeGABB5DKvVwtxr8767Wrt6LjoQnWowSeV0q9B+Kr
+aM96+RaBEE=
=bTs8
-----END PGP SIGNATURE-----