From owner-freebsd-hackers Wed Mar 8 15:59:27 1995 Return-Path: hackers-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id PAA26837 for hackers-outgoing; Wed, 8 Mar 1995 15:59:27 -0800 Received: from netmail.austin.ibm.com (netmail.austin.ibm.com [129.35.208.98]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id PAA26821; Wed, 8 Mar 1995 15:59:03 -0800 Received: from ozymandias.austin.ibm.com (ozymandias.austin.ibm.com [9.3.29.12]) by netmail.austin.ibm.com (8.6.10/8.6.10) with SMTP id RAA25449; Wed, 8 Mar 1995 17:57:54 -0600 Received: by ozymandias.austin.ibm.com (AIX 3.2/UCB 5.64/4.03-client-2.6) for mark@grondar.za at austin.ibm.com; id AA10873; Wed, 8 Mar 1995 17:57:48 -0600 From: sjb@austin.ibm.com (Scott Brickner) Message-Id: <9503082357.AA10873@ozymandias.austin.ibm.com> X-Mailer: exmh version 1.5.3 12/28/94 To: Joe Greco Cc: mark@grondar.za (Mark Murray), phk@ref.tfs.com, barry@nacm.com, hackers@freefall.cdrom.com, security@freefall.cdrom.com Subject: Re: key exchange for rlogin/telnet services? In-Reply-To: (Your message of Wed, 08 Mar 95 15:10:14 CST.) <9503082110.AA13357@brasil.moneng.mei.com> Mime-Version: 1.0 Content-Type: application/pgp ; format=mime ; x-action=signclear Date: Wed, 08 Mar 95 17:57:47 -0600 Sender: hackers-owner@FreeBSD.org Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset="us-ascii" > However, I still do not know if it is legitimate to provide such materials > to a non-US citizen, particularly since when you are "on" thud or another box, > copies of the code are still being transmitted out of the country, and as > I really am unclear on all this, I won't have that potentially over my head. If > Walnut Creek is clear on the legal issues, I would be more than happy to ask > Walnut Creek to issue me an account on one of their development boxes and > I will make my code available there, with suitable disclaimers and warnings. > If they feel that it is permissible to allow you to access the files, fine! > It is then either on your head or theirs, not mine. :-) But I will not > give you the code myself. I'm not a lawyer, so you can't blame me if I'm wrong, but I've been following the issues on the crypto export stuff fairly closely recently. As I understand the situation with Phil Zimmerman (the original author of PGP), the feds are after him even though he didn't do the exporting himself. He gave the code to another US person who did the posting. One story says this other party asked permission to poast the code, and another says they got the permission after the fact. But the customs people are still after Phil. Please be careful. The specific regulation has to do with the export of cryptographic material. If you described the changes necessary to the international version of the telnet code to someone outside the US, without including any of the crypto code in your messages I should think you'd be OK. You'd be divulging information in the pretty much the same manner in which Rivest et al. published their RSA information --- all perfectly legal. The folks on the other side can take the international secure code and use it in combination with your information. They'll have developed the secure telnet programs independently. I also recently heard that the top guy in the Canadian heirarchy with regard to import/export regulation enforcement said that he didn't consider it illegal to export cryptographic engines implementing internationally published algorithms. Since the ITAR (which is the US reg preventing crypto export) doesn't apply to export through Canada. I wouldn't trust this, though, as much of the information is second and third hand. - --------- Scott Brickner "The fox knows many things, but the badger knows one big thing." PGP key fingerprint = 34 56 09 D3 2C 58 15 4A 7B A5 E7 4C A0 73 6D 51 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBL15EdywYUwVEZqgBAQHWdAQAoz8LRH7gLPAkvInUL2gl+x+nI69aQA/+ ZGlDh4kc9o4EO9Gm2JgIfOu3SXTT9ejy1Mr5NYD6MYDvaysfvb+vJWbMVCWaNp29 egt3i9aPVyDxV735hw49fBjYfgRTfKAu7lSsSxRlnIXsuAS5JfqxKBK+xTS9hnB7 m916aDez/pw= =dar7 -----END PGP SIGNATURE-----