From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 30 May 1997 16:23:44 +0800
To: Dave Del Torto <ddt@pgp.com>
Subject: Re: Newsflash: PGP approved for export of strong crypto
In-Reply-To: <v04000223afb3866a7a2f@[205.180.136.26]>
Message-ID: <3.0.1.32.19970530010005.007679f0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Newsflash: PGP approved for export of strong crypto
To: ddt@pgp.com, cypherpunks@toad.com

Hi, Dave!   Thanks for forwarding the press release to various lists.
(Could you also forward this along to Mike Nelson?  The press release
didn't include his email :-)  I was interested in a couple of issues.

1) Cool - especially doing it without GAK!  This kind of thing is a 
major wedge in the export control regime, even if it is mainly for the
big players first.

2) Are there explicit terms a company has to agree to to be
allowed to export PGP to its non-US subs/branches, or is it
just negotiation with the State Department?  Does it take excessive
expensive legal paperwork, or is it something just about anybody could do?
Could Bill Stewart Consulting (i.e. just me) meet the requirements?

After a company is approved, are there special record-keeping requirements,
or could I just email or registered-US-Snail or DHL-mail a copy to 
my branch in Japan or the UK?  (One of the interesting cases for me is
subsidiaries that are joint ventures with other companies such as
non-government-owned foreign telcos.)

3) Your press release said:
>   In order to provide only the strongest encryption software, 
>   Pretty Good Privacy publishes all of its encryption source code 
>   and algorithms for extensive peer review and public scrutiny. 
Does this mean that the non-encryption parts of your code probably
won't be reviewed, at least in public?  


-----BEGIN PGP SIGNATURE-----
Version: 5.0 beta
Charset: noconv

iQBVAwUBM46IIfthU5e7emAFAQEi4wIAnnS3BM1lZuw179QNq7unrr9IIBAEUI7e
ww46TBni27NUL9F5vN54L2HYTlg15Je3hfMTPKcSQn6abAvT12e+Vg==
=huGZ
-----END PGP SIGNATURE-----

BTW, the 5.0 plug-in to Eudora is nice!  I'm having a little trouble guessing
when it's going to include my signature block and when it's not,
but so far I like it, and the Win95 PGPtray widget was also convenient.



#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)