1995-11-15 - Re: NSA, ITAR, NCSA and plug-in hooks.

Header Data

From: Tatu Ylonen <ylo@cs.hut.fi>
To: jeffb@sware.com
Message Hash: 9721ff4b5f54815b017c7fa6cce43f2f98a609f83bede7850c29f859f2816b89
Message ID: <199511142016.VAA00818@trance.olari.clinet.fi>
Reply To: <199511141758.MAA14695@jafar.sware.com>
UTC Datetime: 1995-11-15 11:41:48 UTC
Raw Date: Wed, 15 Nov 95 03:41:48 PST

Raw message

From: Tatu Ylonen <ylo@cs.hut.fi>
Date: Wed, 15 Nov 95 03:41:48 PST
To: jeffb@sware.com
Subject: Re: NSA, ITAR, NCSA and plug-in hooks.
In-Reply-To: <199511141758.MAA14695@jafar.sware.com>
Message-ID: <199511142016.VAA00818@trance.olari.clinet.fi>
MIME-Version: 1.0
Content-Type: text/plain

>> For those who were wondering if plug-in crypto hooks were still watched 
>> out for. One wonders how the ietf folks are managing to promote internet-wide
>> standards that are considered unexportable (Are they? What's the deal on 
>> photuris, PEM, ipsec and the rest of them?)

> Does anyone know the ostensible justification for this?  What section of
> the ITARs do they point to when they say "this is illegal"?  I've perused
> an online copy of ITAR (no, I haven't read all of it -- I have other
> things I want to do this year :-), but I can't find a section that could
> be construed to support this contention.

Luckily, a lot of cryptographic materials are available outside the
United States (see e.g. http://www.cs.hut.fi/crypto for pointers).

If the United States chooses to restrict export of IP security
products, it simply helps create a flourishing network security
and other communications industry in other countries.  There are
already several implementations of the IP security stuff abroad -
including at least one in the former Soviet Union.