From owner-freebsd-security Wed Jul 26 16:16:13 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id QAA26765 for security-outgoing; Wed, 26 Jul 1995 16:16:13 -0700 Received: from netmail.austin.ibm.com (netmail.austin.ibm.com [129.35.208.98]) by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id QAA26758 for ; Wed, 26 Jul 1995 16:16:09 -0700 Received: from ozymandias.austin.ibm.com (ozymandias.austin.ibm.com [9.3.29.12]) by netmail.austin.ibm.com (8.6.11/8.6.11) with SMTP id SAA216288; Wed, 26 Jul 1995 18:15:40 -0500 Received: from localhost.austin.ibm.com by ozymandias.austin.ibm.com (AIX 3.2/UCB 5.64/4.03-client-2.6) for pst@stupi.se at austin.ibm.com; id AA15729; Wed, 26 Jul 1995 18:15:09 -0500 Message-Id: <9507262315.AA15729@ozymandias.austin.ibm.com> To: "Rodney W. Grimes" Cc: sef@kithrup.com, security@freebsd.org, mark@grondar.za, pst@stupi.se Subject: Re: secure/ changes... In-Reply-To: (Your message of Wed, 26 Jul 1995 11:56:02 CDT.) <199507261856.LAA26575@gndrsh.aac.dev.com> Date: Wed, 26 Jul 1995 18:15:09 -0500 From: Scott Brickner Sender: security-owner@freebsd.org Precedence: bulk "Rodney W. Grimes" writes: >Obtaining legal advice and taking action on such information, IMHO, >in this manner is a very dangerous game to play. There are 10000 >arm chair lawyers for every 1 real one. I am an arm chair lawyer, >but I don't take legal actions based upon my arm chair interpretations, >I pay for proper legal advice and/or consult the law books and or >agencies myself. You seem quite willing to offer us plenty of advice on the legality of crypto import. Okay. We're all aware that you just don't know whether it's legal to import DES. So why bother insisting "it might be illegal"? Sure, it might. It might be illegal to *breathe* given the ridiculously convoluted structure of American law. The question at hand is still, "Should we consider making the FreeBSD foreign security available by ftp?" The advice as to whether or not is illegal is only that --- advice. The final decision is up to whoever owns that server, and will be liable to legal action resulting from running it. He is legally assumed to be competent to judge for himself whose advice he believes. I note for him (whoever he may be) that none of the various mailing lists or newsgroups that would likely discuss the subject have noted import restrictions --- most are comfortable with the position that crypto import is *not* illegal. I further note that the basis for Phil Zimmermann's harrassment is entirely based on the fact that he is claimed to be responsible for the *export* of strong crypto, not it's *import*, which he must necessarily have also done --- IDEA, the symmetric cipher in PGP, originated in Europe. I assert that if such import were illegal, charges agains PRZ would include a violation of such. You, on the other hand, offer merely the fact that lots of stuff is regulated for import and export. We'll leave the server operator to decide for himself.