Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 08 Mar 95 17:57:47 -0600
From:      sjb@austin.ibm.com (Scott Brickner)
To:        Joe Greco <jgreco@brasil.moneng.mei.com>
Cc:        mark@grondar.za (Mark Murray), phk@ref.tfs.com, barry@nacm.com, hackers@freefall.cdrom.com, security@freefall.cdrom.com
Subject:   Re: key exchange for rlogin/telnet services? 
Message-ID:  <9503082357.AA10873@ozymandias.austin.ibm.com>
In-Reply-To: (Your message of Wed, 08 Mar 95 15:10:14 CST.) <9503082110.AA13357@brasil.moneng.mei.com> 

next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----

Content-Type: text/plain; charset="us-ascii"

> However, I still do not know if it is legitimate to provide such materials
> to a non-US citizen, particularly since when you are "on" thud or another box,
> copies of the code are still being transmitted out of the country, and as
> I really am unclear on all this, I won't have that potentially over my head.  If
> Walnut Creek is clear on the legal issues, I would be more than happy to ask
> Walnut Creek to issue me an account on one of their development boxes and
> I will make my code available there, with suitable disclaimers and warnings. 
> If they feel that it is permissible to allow you to access the files, fine! 
> It is then either on your head or theirs, not mine.  :-)  But I will not
> give you the code myself.

I'm not a lawyer, so you can't blame me if I'm wrong, but I've been following 
the issues on the crypto export stuff fairly closely recently.  As I 
understand the situation with Phil Zimmerman (the original author of PGP), the 
feds are after him even though he didn't do the exporting himself.  He gave 
the code to another US person who did the posting.  One story says this other 
party asked permission to poast the code, and another says they got the 
permission after the fact.  But the customs people are still after Phil.  
Please be careful.

The specific regulation has to do with the export of cryptographic material.  
If you described the changes necessary to the international version of the 
telnet code to someone outside the US, without including any of the crypto 
code in your messages I should think you'd be OK.  You'd be divulging 
information in the pretty much the same manner in which Rivest et al. 
published their RSA information --- all perfectly legal.  The folks on the 
other side can take the international secure code and use it in combination 
with your information.  They'll have developed the secure telnet programs 
independently.

I also recently heard that the top guy in the Canadian heirarchy with regard 
to import/export regulation enforcement said that he didn't consider it 
illegal to export cryptographic engines implementing internationally published 
algorithms.  Since the ITAR (which is the US reg preventing crypto export) 
doesn't apply to export through Canada.  I wouldn't trust this, though, as 
much of the information is second and third hand.
- ---------
Scott Brickner
"The fox knows many things, but the badger knows one big thing."
PGP key fingerprint = 34 56 09 D3 2C 58 15 4A  7B A5 E7 4C A0 73 6D 51


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBL15EdywYUwVEZqgBAQHWdAQAoz8LRH7gLPAkvInUL2gl+x+nI69aQA/+
ZGlDh4kc9o4EO9Gm2JgIfOu3SXTT9ejy1Mr5NYD6MYDvaysfvb+vJWbMVCWaNp29
egt3i9aPVyDxV735hw49fBjYfgRTfKAu7lSsSxRlnIXsuAS5JfqxKBK+xTS9hnB7
m916aDez/pw=
=dar7
-----END PGP SIGNATURE-----




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9503082357.AA10873>