1996-06-05 - Re: Java Crypto API questions

Header Data

From: jim bell <jimbell@pacifier.com>
To: shamrock@netcom.com (Lucky Green)
Message Hash: 68a63cd4744fe09b9356e770204b2ca0d64dc67e468565351d014de5eeb6fb5d
Message ID: <199606041554.IAA23220@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-06-05 02:54:42 UTC
Raw Date: Wed, 5 Jun 1996 10:54:42 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Jun 1996 10:54:42 +0800
To: shamrock@netcom.com (Lucky Green)
Subject: Re: Java Crypto API questions
Message-ID: <199606041554.IAA23220@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:52 PM 6/3/96 -0700, Lucky Green wrote:
>At 16:22 6/3/96, jim bell wrote:
>
>>A signature is just that:  A signature.  It doesn't encrypt or decrypt.  It
>>doesn't even ALLOW the system it's in to encrypt or decrypt, because there
>>are numerous encryption programs written that have no need for such a
>>signature.  If no program existed which _used_ that signature, nobody would
>>think twice about exporting it.
>>
>>The fact is, it is LEGAL to import encryption code into the US.  It is LEGAL
>>to generate an hash of that code, and it is LEGAL to export that hash.  To
>>believe otherwise is to broadly expand the scope of export laws far beyond
>>what they were intended to mean.
>
>First, the ITAR are not laws, but regulations. Second, there are many that
>believe that applying ITAR to crypto software is already expanding the
>scope of the regulations far beyond what they were intended to mean.

I agree.  Which is why I think any acquiescence by Microsoft on the subject 
of exportability of signatures is wrong.  Let the government press its case, 
if it wants to try.  Don't assist it, even rhetorically.

Jim Bell
jimbell@pacifier.com





Thread