From: John Gilmore <gnu@toad.com>
To: bernstein-announce@toad.com
Message Hash: 5db14d89ced93aad7a955d80930467a7d2230d47b1d0f66eacb88cb140952a43
Message ID: <199712232040.MAA20998@toad.com>
Reply To: N/A
UTC Datetime: 1997-12-23 20:52:59 UTC
Raw Date: Tue, 23 Dec 1997 12:52:59 -0800 (PST)
From: John Gilmore <gnu@toad.com>
Date: Tue, 23 Dec 1997 12:52:59 -0800 (PST)
To: bernstein-announce@toad.com
Subject: Gilmore Publishes Strong Crypto Code Online for Authentication
Message-ID: <199712232040.MAA20998@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
[This announcement does not relate directly to the Bernstein case,
but I felt the overlap of interest would be very strong. -- John]
Strong Crypto Code Published Online for Authentication
San Francisco, December 23, 1997 - Civil libertarian John Gilmore
today published strong authentication source code on the Internet,
making it available for worldwide access, despite U.S. National
Security Agency attempts to restrict such software. He is publishing
Domain Name System Security software that contains a complete copy of
RSAREF, well-known cryptography software that is a predecessor to the
DNSsafe software released in October by RSA Data Security, Inc.
Mr Gilmore explains, "Internet publication of cryptography software is
considered an export by the US Government, and often requires
government permission under the Export Administration Regulations
(EAR). But those regulations specifically exempt programs which
merely prove that information is authentic (authentication), rather
than hiding the information (privacy)."
The export regulations were amended in 1989 to exclude authentication
software. Since that time, however, the National Security Agency has
been telling people privately that the exclusion only applies to
ready-to-run "binary" programs. They have reportedly claimed that the
regulations still require government permission to export the
human-readable "source code" of authentication programs. The plain
text of the regulations makes no such distinction, though; all
authentication programs are exempt.
Readers can obtain the software from Mr. Gilmore's web site for Domain
Name System Security, at http://www.toad.com/~dnssec or at
http://www.flash.net/~dnssec. Future releases will be available from
the Internet Software Consortium, http://www.isc.org/bind.html.
The Electronic Frontier Foundation, which Mr. Gilmore co-founded, is
sponsoring a lawsuit to have the entire cryptography software export
control regime overturned. In the three-year suit, Bernstein v. State,
Judge Marilyn Hall Patel has invalidated export controls administered by
both the State Department and the Commerce Department. She ruled they
are an unconstitutional prior restraint against our First Amendment
right to speak and publish about cryptography. The case is now in the
Ninth Circuit Court of Appeals.
Domain Name System Security: http://www.toad.com/~dnssec
or http://www.flash.net/~dnssec
Internet Software Consortium: http://www.isc.org
RSA Data Security: http://www.rsa.com
Electronic Frontier Foundation: http://www.eff.org
Press Contacts:
John Gilmore, Founding Board Member, EFF
+1 415 221 6524, gnu@toad.com
Shari Steele, Staff Attorney, Electronic Frontier Foundation
+1 301 375 8856, ssteele@eff.org
More press background is available at:
http://www.toad.com/~dnssec/pressrel1.background.txt
Return to December 1997
Return to “John Gilmore <gnu@toad.com>”