1995-07-27 - Re: Exporting from Canada (was Re: Let’s try breaking an SSL RC4 key)

Header Data

From: “M. Plumb” <mp@io.org>
To: sjb@austin.ibm.com (Scott Brickner)
Message Hash: a9db9e9159e96236063b48883e173d237cce58ac8c0cb87062cbe0a88017444e
Message ID: <199507270352.XAA01331@twitch.io.org>
Reply To: <9507251659.AA16288@ozymandias.austin.ibm.com>
UTC Datetime: 1995-07-27 03:52:36 UTC
Raw Date: Wed, 26 Jul 95 20:52:36 PDT

Raw message

From: "M. Plumb" <mp@io.org>
Date: Wed, 26 Jul 95 20:52:36 PDT
To: sjb@austin.ibm.com (Scott Brickner)
Subject: Re: Exporting from Canada (was Re: Let's try breaking an SSL RC4 key)
In-Reply-To: <9507251659.AA16288@ozymandias.austin.ibm.com>
Message-ID: <199507270352.XAA01331@twitch.io.org>
MIME-Version: 1.0
Content-Type: text


> So?  The ITAR doesn't control export to Canada.  Export the source code
> to Canada, compile, validate, sign, and put on CD in Canada, and export
> to the world.

No. Export of crypto to Canada is legal because Canada prohibits the
further export of goods of U.S. origin. Before the Canadian government
will allow further export of crypto software from the U.S., there must
be lot of improvement done to the product within Canada. The exact
rules are not well defined, but with crypto I expect that the CSE
(Communications Security Establishment -- our version of the NSA)
would push for at least 50% Canadian content. So I don't expect to
see PGP being exported legally any time soon.
 
> I also seem to remember a while back (Mar/Apr) someone reported here that the
> Canadian bureaucrat responsible for executing import/export rules said
> that he didn't consider crypto to be restricted by Canada's rules.

I have talked with the bureaucrat that I think you are referring
to, and he said no such thing. He said that public domain crypto
software that is entirely of Canadian origin was, in his opinion
not covered. When I talked to him, he stressed that PGP is still
covered.
--
	-marc




Thread