1995-11-13 - Re: Pegasus Mail

Header Data

From: Rich Salz <rsalz@osf.org>
To: scottst@ionet.net
Message Hash: f15e6da256c6f8dbac6aa7aa0ed98faec1289048e42e0893fa9ef5c55f2a6a31
Message ID: <9511091252.AA04699@sulphur.osf.org>
Reply To: N/A
UTC Datetime: 1995-11-13 12:42:41 UTC
Raw Date: Mon, 13 Nov 1995 20:42:41 +0800

Raw message

From: Rich Salz <rsalz@osf.org>
Date: Mon, 13 Nov 1995 20:42:41 +0800
To: scottst@ionet.net
Subject: Re: Pegasus Mail
Message-ID: <9511091252.AA04699@sulphur.osf.org>
MIME-Version: 1.0
Content-Type: text/plain


I sure hope some tells David Harris that his program is now export
controlled.  From my reading of his message, it seemed like he thinks he
"beat the system" because he didn't include actual crypto code.

Software that says "plug your own crypto here" is considered an anciliarry
device according to the ITAR.  Or, as I heard some NSA people call it,
"the classic 'crypto with a hole'."  Seems kinda silly that the hole is
the crypto, but hey that anciliiary device clause, you just gotta love
it.

If Pegasus mail were written to support generic user-loadable content
transforms, that would be different.  But even then, you have to be careful
how that's done.  If just did some global search-and-replace and came up
with "keyed compression" you wouldn't get past anyone.  But if you had an
opaque state block that the user modules could set/use/clear, and you
passed that along with your in/out buffers, then you'd be safe.  Of course,
they'd know what is really going on, but are powerless to prevent it.
	/r$





Thread