From owner-freebsd-security  Fri Dec  8 17:26:11 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id RAA11834
          for security-outgoing; Fri, 8 Dec 1995 17:26:11 -0800 (PST)
Received: from precipice.shockwave.com (precipice.shockwave.com [171.69.108.33])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA11829
          for <security@FreeBSD.org>; Fri, 8 Dec 1995 17:26:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by precipice.shockwave.com (8.6.12/8.6.12) with SMTP id RAA15606; Fri, 8 Dec 1995 17:24:37 -0800
Message-Id: <199512090124.RAA15606@precipice.shockwave.com>
To: Faried Nawaz <fn@pain.csrv.uidaho.edu>, jis@mit.edu
cc: security@FreeBSD.org
Subject: legal to export DES outside of the US via Canada?
In-reply-to: Your message of "Fri, 08 Dec 1995 14:27:04 PST."
             <199512082227.OAA00937@pain.csrv.uidaho.edu> 
Date: Fri, 08 Dec 1995 17:24:36 -0800
From: Paul Traina <pst@shockwave.com>
Sender: owner-security@FreeBSD.org
Precedence: bulk

This is an amazing loophole if it is true,  but like the old saying goes,
it sounds too good to be true.  All it would take would be two coopoerating
parties to legally export (non-patented) non-commercial crypto code.

If this is true, I wonder why MIT's crowd of friends didn't pick up on it
with respect to Kerberos (which sounds like it meets all criteria)?

Paul


  From: Faried Nawaz <fn@pain.csrv.uidaho.edu>
  mmm...canada.
  
  ------- Forwarded Message
  
  Return-Path: xmisc-request@zephyr.ccrc.wustl.edu
  Received: from zephyr.ccrc.wustl.edu (zephyr.ccrc.wustl.edu [128.252.169.9]) 
>>by pain.csrv.uidaho.edu (8.6.12/8.6.9) with SMTP id NAA00348 for <fn@pain.csr
>>v.uidaho.edu>; Fri, 8 Dec 1995 13:53:43 -0800
  Received: from zephyr.ccrc.wustl.edu by zephyr.ccrc.wustl.edu id aa02678;
            8 Dec 95 13:08 CST
  Received: from MAJORDOMO by zephyr.ccrc.wustl.edu id aa02675; 8 Dec 95 13:05 
>>CST
  Received: from zeus.theos.com by zephyr.ccrc.wustl.edu id aa02666;
            8 Dec 95 13:05 CST
  Received: from LOCALHOST.theos.com by theos.com (4.1/tdr1.0)
  	id AA10446; Fri, 8 Dec 95 12:05:23 MST
  Message-Id: <9512081905.AA10446@theos.com>
  To: misc@openbsd.org
  Subject: crypto software export
  Date: Fri, 08 Dec 1995 12:05:22 -0700
  From: Theo de Raadt <deraadt@theos.com>
  Sender: owner-misc@openbsd.org
  Precedence: bulk
  
  I just got confirmation from the Canadian government that free
  software is not controlled by any cryptographic export or usage laws
  in Canada.
  
  Yes, this means we're free to include any and all cryptographic stuff
  that we want in any place in the source tree, as long as licensing,
  patent, etc. issues are handled.
  
  The actual text of the law is being mailed to me. I'll be able to
  quote from it later if anyone wants further details.
  
  BTW, in a twist of law, when I asked about ITAR the gentleman said
  that ITAR doesn't enter into the picture at all. Apparently one could
  bring ITAR code into Canada, and the Canadian government has no law on
  the books to prevent it from being re-exported to the world.  I'd
  always suspected this loophole; the fellow picked up rather quickly on
  what I was suggesting.....  and made it clear that there'd be no law
  to prevent one from doing so! (not that I want to re-export ITAR)
  
  ------- End of Forwarded Message