From: Jim Gillogly <jim@acm.org>
To: cypherpunks@toad.com
Message Hash: e2ea96a18dbf69a62e07b9290aae398becf9ce9384d71d8114d19d49ceb45e05
Message ID: <199508180030.RAA04988@mycroft.rand.org>
Reply To: <199508180000.UAA00325@frankenstein.piermont.com>
UTC Datetime: 1995-08-18 00:30:36 UTC
Raw Date: Thu, 17 Aug 95 17:30:36 PDT
From: Jim Gillogly <jim@acm.org>
Date: Thu, 17 Aug 95 17:30:36 PDT
To: cypherpunks@toad.com
Subject: Re: I need exportable crypto revisited.
In-Reply-To: <199508180000.UAA00325@frankenstein.piermont.com>
Message-ID: <199508180030.RAA04988@mycroft.rand.org>
MIME-Version: 1.0
Content-Type: text/plain
> "Perry E. Metzger" <perry@piermont.com> writes:
> If you have hooks for arbitrary encryption, you will find it to be
> virtually impossible to export the product.
That's my understanding also (as I told him in e-mail) but I haven't found
any legal justification for it. I spent a while poring over the ITARs,
section XIII.b (ftp://ftp.cygnus.com/pub/export/itar.in.full), and I
didn't see anything that looked likely. Maybe "ancillary equipment" in
XIII.b.5, but that seems a stretch and is not at all specific.
I note that hash algorithms for message authentication are specifically
excluded from control in XIII.b.1.vi, which conflicts with what I was told
by somebody who'd gotten a nastygram from Commerce. Sort of a relief,
since I've been giving my SHA implementation away freely
(rand.org:pub/jim/sha.tar.gz).
Has anybody who's been impaled on the stinky end of this stick been told the
chapter and verse?
Jim Gillogly
Sterday, 26 Wedmath S.R. 1995, 00:21
Return to August 1995
Return to ““Perry E. Metzger” <perry@piermont.com>”