1995-12-07 - Re: Solution for US/Foreign Software?

Header Data

From: Oliver Huf <ohuf@relay.sedat.de>
To: cypherpunks@toad.com
Message Hash: 0dd271000ddbc0e5ccd4a1a7ccf7741ccefd501c9bcdc3ae4280c38f8be8f632
Message ID: <Pine.NXT.3.91.951207171726.21974V-100000@oe1>
Reply To: <9512062236.AA01307@alpha>
UTC Datetime: 1995-12-07 16:30:16 UTC
Raw Date: Thu, 7 Dec 95 08:30:16 PST

Raw message

From: Oliver Huf <ohuf@relay.sedat.de>
Date: Thu, 7 Dec 95 08:30:16 PST
To: cypherpunks@toad.com
Subject: Re: Solution for US/Foreign Software?
In-Reply-To: <9512062236.AA01307@alpha>
Message-ID: <Pine.NXT.3.91.951207171726.21974V-100000@oe1>
MIME-Version: 1.0
Content-Type: text/plain



I don't know the US-Export regulations very well, so please
allow a quick one:

Maybe a legal way around the keysize-regulation would be:

Many US companies have subsidiaries <sp?> outside the US.
Some of them are leaded by non-US-citizens.

1) The U.S.-company engineers a software with strong (but legal) 
   crypto for use inside the U.S. The program is sold in the U.S.
   At the same time the company exports the sourcecode of the
   program *without* any crypto at all to their subsidiaries.
   (should be legal)
2) one or more of the subsidiaries include "self-engineered"
   crypto-routines into the program-"hull" they received 
   from inside the U.S.
   This program is sold in th subsidiaries countries (Europe etc.) 

Two things have to be assured:

- Both crypto-routines have to be compatible
- No U.S.-citizens must be involved in the engineering of the 
  subsidiaries crypto-routines.


Any comments?

	ohuf.
   





Thread