1996-10-11 - Re: Why not PGP?
Header Data
From: Adam Back <aba@dcs.ex.ac.uk>
To: frantz@netcom.com
Message Hash: 06e466cf5300116de54e146186352e921e862b1e5f6f64074acaecea2a59df34
Message ID: <199610110749.IAA00291@server.test.net>
Reply To: <199610101930.MAA18867@netcom8.netcom.com>
UTC Datetime: 1996-10-11 13:00:53 UTC
Raw Date: Fri, 11 Oct 1996 06:00:53 -0700 (PDT)
Raw message
From: Adam Back <aba@dcs.ex.ac.uk>
Date: Fri, 11 Oct 1996 06:00:53 -0700 (PDT)
To: frantz@netcom.com
Subject: Re: Why not PGP?
In-Reply-To: <199610101930.MAA18867@netcom8.netcom.com>
Message-ID: <199610110749.IAA00291@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain
Bill Frantz <frantz@netcom.com> writes:
> >2. Suppose someone writes a program Z that has no expicit crypto code in
> >it, but has hooks for installing one or another version of PGP. Given a
> >copy of Z, someone in this country could install PGP he got from MIT,
> >whereas someone in Europe could install the international version.
> >Would export of Z violate ITAR restrictions?
>
> Yes
I agree. However let me elaborate for Rollo: with ITAR there are at
least three aspects:
- what ITAR says
It says for instance that you can not _talk_ to a foreign national in
the US about crypto, that you can not show them books, that you can
not export books etc. We know this is not enforced (they tried it a
few times and gave up). We know books are allowed to be exported,
examples: Bruce Schneier's Applied Crypto (crypto source code, never
mind technical descriptions, which ITAR says are illegal to export
or disclose to foreigners "Disclosing (including oral or visual
disclosure)" Phil Zimmermann/MIT's PGP source code and internals
book, the full source code to PGP itself in an OCR font) They don't
enforce books or discussions anymore because of the clear 1st
ammendment case against this behaviour.
- and what the NSA, and US government care to interpret ITAR as
meaning today (they change to suit the case at hand, keeping their
interpretation purposefully vague)
- what they care to enforce
NCSA Mosaic had a PGP signature checking hook, they were told to
take it out. Microsoft's CAPI arrangement is that they will not
sign non-US CAPI compliant crypto modules (Examples of enforcement of
no-hooks interpretation).
emacs mailcrypt is exported form the US (Emacs RMAIL/GNUS interface
to PGP - just plug in pgp263i or mit pgp262, an example of
non-enforcement of no-hooks interpretation)
Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
Thread
Return to October 1996
- Return to “Adam Back <aba@dcs.ex.ac.uk>”
Return to “frantz@netcom.com (Bill Frantz)”
- 1996-10-10 (Thu, 10 Oct 1996 12:30:29 -0700 (PDT)) - Re: Why not PGP? - frantz@netcom.com (Bill Frantz)
- 1996-10-11 (Fri, 11 Oct 1996 06:00:53 -0700 (PDT)) - Re: Why not PGP? - Adam Back <aba@dcs.ex.ac.uk>