1998-12-30 - Re: Wassenaar summary (and a funny new loophole)

Header Data

From: Bill Stewart <bill.stewart@pobox.com>
To: Ben Laurie <ulf@fitug.de>
Message Hash: de1f328049d286b4f946d400af58c3a9529a3ef5e3aad1ee2a14b5b27f90caa5
Message ID: <3.0.5.32.19981230011725.00a4b940@idiom.com>
Reply To: <199812101815.TAA120782@public.uni-hamburg.de>
UTC Datetime: 1998-12-30 11:20:49 UTC
Raw Date: Wed, 30 Dec 1998 19:20:49 +0800

Raw message

From: Bill Stewart <bill.stewart@pobox.com>
Date: Wed, 30 Dec 1998 19:20:49 +0800
To: Ben Laurie <ulf@fitug.de>
Subject: Re: Wassenaar summary (and a funny new loophole)
In-Reply-To: <199812101815.TAA120782@public.uni-hamburg.de>
Message-ID: <3.0.5.32.19981230011725.00a4b940@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



Unfortunately, since Wassenaar is not the law, only an agreement
by bureaucrats to make laws or regulations sort of like it if
they can talk their pet legislatures into rubberstamping them,
this doesn't help.  

You can't take a bureaucrat to court and 
insist that she rescind a regulation that was stronger than the 
Minimum Daily Repression specified in the "Arrangement" -
you can only insist on whatever your nation's constitution (if any)
or fundamental rights document (if any) specifies, 
or perhaps go to the World Court or some European Union or 
European Community court and argue the case there.
But most of these rights documents say things like
"except for national security" and aren't very enforceable
even if they do plainly state that your rights are stronger than that.

>Ulf Mller wrote the following about mistakes in Wassenaar:
>> Since the definition differentiates algorithms by symmetry rather than by
>> their cryptographic properties, there is no restriction whatsoever on
>> asymmetric secret-key encryption algorithms. Those algorithms typically
>> are not based on factorization or discrete logarithms. That is, they are
>> no longer controlled by the Wassenaar arrangement.

At 07:06 PM 12/10/98 +0000, Ben Laurie wrote:
>Hmm - so if I defined a new crytpo algorithm, SED3, say, that looks likethis:
>SED3(k,x)=3DES(backwards(k),x)
>where backwards(k) is k with its bits written backwards, then the
>3DES/SED3(k1,k2) combination is exportable (where k1 is related to k2,
>of course, by k2=backwards(k1))?

I assume you mean 3DESDecrypt(backwards(k),x) ?  It still doesn't work,
because 3DESEncrypt is still symmetric with 3DESDecrypt,
and SED3Decrypt is still symmetric with 3DESEncrypt(backwards(k),x).
But you could still come up with something that meets the
letter of the non-law, just for the fun of tweaking them.

I think it's more realistic to go for the various
General Software Exemptions and Public Domain Exemptions,
and generally lobby legislatures to slow down on implementing Bad Things,
and let them see there's money to be made for their countries' 
local businesses by not cooperating.  

A potentially valuable change to go for would be to allow 
export between members of the Wassenaar, or the EC, or whatever.
After all, the whole purpose of the COCOM that Wassenaar grew out of
was to keep Commies from getting militarily valuable technology,
and now that there aren't any Commies (unless you count the Chinese or Cubans)
and they've let the Russians into Wassenaar, the whole thing's
prima facie stupid anyway.

				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639





Thread