Date: Thu, 27 Jul 1995 04:59:55 -0700 From: "David E. Tweten" <tweten@tale.frihet.com> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: sef@kithrup.com, security@freebsd.org, mark@grondar.za, pst@stupi.se Subject: Re: secure/ changes... Message-ID: <199507271159.EAA12884@tale.frihet.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Quoting me, Rodney W. Grimes writes: > > Our beta sites (currently a dozen or so) have been importing the DES > > "munition" as our documentation suggests for over a year. Neither we nor they > > have experienced any problem, > > And even that much of this paragraph is not here say. I have driven at > well in excess of 150MPH down a freeway in Oregon and was not stopped > or fined for doing so in any way, on numerious occasions, does that mean it > is ``legal''. No, it simply means I did not get caught. This is beginning to nibble at the edges of the real problem here, the difficulty of proving a negative. To prove a specific act to be not "illegal" in the U.S., in any absolute sense, requires that somebody be prosecuted and convicted for it, and for that conviction to be overturned by the U.S. Supreme Court. In all other circumstances, the act *might* be illegal. After all, the law is what the Supreme Court says it is. Under all other circumstances, one has to ballance the evidence, make a personal judgement and take his chances. Your standard of ballance strikes me as so conservative as to lead to paralysis. It is, of course, your right to inflict paralysis upon yourself. It would be unfortunate if the FreeBSD project were to follow your example. Instead, I'd recommend considering the weight of the evidence, making a judgement, and acting upon it. The evidence, as I've witnessed it is: 1) In a huge flood of net messages (thousands), on lists that care a lot about the legal issues associated with crypto, no message has ever indicated that *importation* of crypto into the U.S. is restricted under U.S. law. 2) MIT's lawyers seem unconcerned that MIT PGP includes *imported* crypto in the form of the IDEA private key algorythm. On the other hand, MIT is taking strong steps to secure its position against attack based upon patent and crypto *export* considerations. That suggests to me that MIT's formidable troup of lawyers has reviewed all aspects of PGP distribution and believes that MIT's crypto *importation* is not a legal problem. 3) A single person on the net, Rodney W. Grimes, is sufficiently worried that *importation* of crypto might be illegal that he recommends against it. He offers no evidence to justify his dissenting position, and instead demands evidence from the overwhelming majority that he is wrong. I don't plan to waste any more time trying to provide him with the evidence. Instead, I intend to ignore his advice on this topic in the future. I recommend that course of action to the FreeBSD project, as well. - -- David E. Tweten | PGP Key fingerprint = | tweten@frihet.com 12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131 The only flags worth saluting are those you are permitted to burn. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMBd/rcfwvsV7F2dJAQFqxAf/Q6NTI5ELO+q9PO81frD1Tj+Y/JZwoT2l y5pDlV2cS8I5YR5l3KIy/R0Ct8N+Kny8SaDvFabV7WOpsqKTjlLjQGVT8eSM5i/U oxL5s4o/iLY7fIP4vUB5KIIbfAIe6ELY73HpJtweocnGEJ0+kPmsjf5Ty3BI26c/ koH3uqTl9SXi1uWf5FmXnxWRgECj6YDO23QliiqdVqybSAHCIZ76M32qFTAp2keV E/InEA+t7THo3K+0IS8JZFSVrZGTulj/mXHuO6dMYO+4ULaXsrnoO2ZA91fuMqiv AKoFjtnxtkELB/m51/CPKN98CKRXgeiU/DxA46n0kgTRDgX3lJ7BOw== =s3Ip -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507271159.EAA12884>