Date: Thu, 27 Jul 1995 04:59:55 -0700 From: "David E. Tweten" <tweten@tale.frihet.com> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: sef@kithrup.com, security@freebsd.org, mark@grondar.za, pst@stupi.se Subject: Re: secure/ changes... Message-ID: <199507271159.EAA12884@tale.frihet.com>
index | next in thread | raw e-mail
-----BEGIN PGP SIGNED MESSAGE-----
Quoting me, Rodney W. Grimes writes:
> > Our beta sites (currently a dozen or so) have been importing the DES
> > "munition" as our documentation suggests for over a year. Neither we nor they
> > have experienced any problem,
>
> And even that much of this paragraph is not here say. I have driven at
> well in excess of 150MPH down a freeway in Oregon and was not stopped
> or fined for doing so in any way, on numerious occasions, does that mean it
> is ``legal''. No, it simply means I did not get caught.
This is beginning to nibble at the edges of the real problem here, the
difficulty of proving a negative. To prove a specific act to be not "illegal"
in the U.S., in any absolute sense, requires that somebody be prosecuted and
convicted for it, and for that conviction to be overturned by the U.S. Supreme
Court. In all other circumstances, the act *might* be illegal. After all,
the law is what the Supreme Court says it is.
Under all other circumstances, one has to ballance the evidence, make a
personal judgement and take his chances. Your standard of ballance strikes me
as so conservative as to lead to paralysis. It is, of course, your right to
inflict paralysis upon yourself. It would be unfortunate if the FreeBSD
project were to follow your example.
Instead, I'd recommend considering the weight of the evidence, making a
judgement, and acting upon it. The evidence, as I've witnessed it is:
1) In a huge flood of net messages (thousands), on lists that care a lot about
the legal issues associated with crypto, no message has ever indicated that
*importation* of crypto into the U.S. is restricted under U.S. law.
2) MIT's lawyers seem unconcerned that MIT PGP includes *imported* crypto in
the form of the IDEA private key algorythm. On the other hand, MIT is taking
strong steps to secure its position against attack based upon patent and
crypto *export* considerations. That suggests to me that MIT's formidable
troup of lawyers has reviewed all aspects of PGP distribution and believes
that MIT's crypto *importation* is not a legal problem.
3) A single person on the net, Rodney W. Grimes, is sufficiently worried that
*importation* of crypto might be illegal that he recommends against it. He
offers no evidence to justify his dissenting position, and instead demands
evidence from the overwhelming majority that he is wrong.
I don't plan to waste any more time trying to provide him with the evidence.
Instead, I intend to ignore his advice on this topic in the future. I
recommend that course of action to the FreeBSD project, as well.
- --
David E. Tweten | PGP Key fingerprint = | tweten@frihet.com
12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com
Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131
The only flags worth saluting are those you are permitted to burn.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMBd/rcfwvsV7F2dJAQFqxAf/Q6NTI5ELO+q9PO81frD1Tj+Y/JZwoT2l
y5pDlV2cS8I5YR5l3KIy/R0Ct8N+Kny8SaDvFabV7WOpsqKTjlLjQGVT8eSM5i/U
oxL5s4o/iLY7fIP4vUB5KIIbfAIe6ELY73HpJtweocnGEJ0+kPmsjf5Ty3BI26c/
koH3uqTl9SXi1uWf5FmXnxWRgECj6YDO23QliiqdVqybSAHCIZ76M32qFTAp2keV
E/InEA+t7THo3K+0IS8JZFSVrZGTulj/mXHuO6dMYO+4ULaXsrnoO2ZA91fuMqiv
AKoFjtnxtkELB/m51/CPKN98CKRXgeiU/DxA46n0kgTRDgX3lJ7BOw==
=s3Ip
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507271159.EAA12884>