1996-09-08 - Re: rc2 export limits..

Header Data

From: “Michael Froomkin - U.Miami School of Law” <froomkin@law.miami.edu>
To: “P. J. Ponder” <ponder@freenet.tlh.fl.us>
Message Hash: a353be0e1345065a3619ab490b9bdf08d8f81ce875a643be0b3ec2a3733a0761
Message ID: <Pine.SUN.3.95.960907173137.29591P-100000@viper.law.miami.edu>
Reply To: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
UTC Datetime: 1996-09-08 00:04:11 UTC
Raw Date: Sun, 8 Sep 1996 08:04:11 +0800

Raw message

From: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
Date: Sun, 8 Sep 1996 08:04:11 +0800
To: "P. J. Ponder" <ponder@freenet.tlh.fl.us>
Subject: Re: rc2 export limits..
In-Reply-To: <Pine.OSF.3.91.960905084320.30700A-100000@fn3.freenet.tlh.fl.us>
Message-ID: <Pine.SUN.3.95.960907173137.29591P-100000@viper.law.miami.edu>
MIME-Version: 1.0
Content-Type: text/plain


isn't this what Bernstein's program that is the subject of a lawsuit in
california does?

On Thu, 5 Sep 1996, P. J. Ponder wrote:

> 
> keywords:  ITAR, SHA, beneficial and innocuous crypto
> 
> The persistent reputation known as Bill Stewart wrote:
> 
> >Date: Wed, 04 Sep 1996 23:09:17 -0700
> >From: Bill Stewart <stewarts@ix.netcom.com>
> >To: Kent Briggs <72124.3234@compuserve.com>
> >Cc: cypherpunks@toad.com
> >Subject: Re: rc2 export limits..
> >
> >I'm afraid my source is "Read it on the net and was surprised to hear it".
> >My assumption is that the limit is for software that implements
> >both signature and verification, since ITAR doesn't ban export of
> >pure-authentication software.
> 
> The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in 
> the fine print at the beginning that SHA is export controlled.  I don't 
> have the document to refer to right now, but it plainly states that SHA  
> falls under ITAR.  As a cryptographic hash function, why would it be 
> controlled in this way?
> 
> How can I use SHA to encrypt something for someone else to decrypt?  I 
> know how to use it for authentication; am I missing something here?
> 
> ANFSCD:
> 
> I tried that OnNet32 e-mail software from FTP software.  It runs under 
> Windows95.  It is a lot of material to download, and way too intrusive to 
> install.  It wants to metastasize itself into the innards of Microsoft 
> Exchange and Inboxes, etc.  What is it with all this complexity anyway?  
> Why not just have a POP client that will check mail on the server?
> 
> It also wants you to store your mailbox password in it, as opposed to 
> letting you enter it on a session-by-session basis.  I don't like that.
> 
> sticking with PINE, PGP, and Xywrite II for now.... 
> 

[This message may have been dictated with Dragon Dictate 2.01. 
Please be alert for unintentional word substitutions.]

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | 
U.. Miami School of Law     | froomkin@law.miami.edu
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here.  And #@&*! humid.






Thread