Date: Wed, 26 Jul 1995 04:49:10 -0700 From: "David E. Tweten" <tweten@tale.frihet.com> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: sef@kithrup.com (Sean Eric Fagan), security@freebsd.org, mark@grondar.za, pst@stupi.se Subject: Re: secure/ changes... Message-ID: <199507261149.EAA08682@tale.frihet.com>
next in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE-----
Referring to crypto imports, Rodney W. Grimes wrote:
> Also you have to look at the applicable
> laws from where the goods originate, even if US law does not restrict the
> import of DES, the laws of many other contries forbid it's export.
Point well taken. In fact, several countries (notably France and Russia) make
simple posession and use of crypto software illegal without a license, much
less export (and good luck trying to get the license). South Africa and the
Netherlands, on the other hand seem to have no restrictions on posession or
export, which is why anonymous ftp sites for crypto tend to be in those two
countries.
> Not some one who has done
> DES exporting, I know that can be done, it just takes paper work (on a
> per copy basis, I know all about it, been there done that, is what
> _NO_ one has done is go try to find out exactly what paper work customs
> want to allow the stuff accross the boarder if you clearly point them
> at the fact this stuff _is_ on the munitions list).
If my memory serves, Prof. Matt Bishop, of U.C. Davis (a nationally
recoginized computer security type) did something like what you suggest. He
tried to temporarily export an AT&T secure phone containing a Clipper chip.
He found that Customs was supposed to be the agency with the appropriate
paperwork, the local Customs office said the folks at the airport would have
the necessary forms, and that the Customs folks at the airport weren't
interested. He finally got the airport Customs head honcho to write him a
note saying it was okay, and presented that note upon his return. His paper
on the subject made amusing reading.
> You might just be
> in for a very big suprize, or I might be all wet. But I am not willing
> to risk Grand Jury indictment on this here say information.
I'll suggest that since your opinion on crypto import is a minority (of one)
opinion on the net (at least as I observe the net), the burden of proof is
yours. If you would like to sample the net conventional wisdom on the
subject, just follow any crypto-related news group for a week or so.
- --
David E. Tweten | PGP Key fingerprint = | tweten@frihet.com
12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com
Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131
The only flags worth saluting are those you are permitted to burn.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMBYrqMfwvsV7F2dJAQEarwf9H7muBnqhzgLsQodLvlYrKAGJDdyDWW8a
tJcFlVZ5eTTkrzRlTE232frWttHpW9AG5nPEFLPSo61CVnCHTO32hpzUJ9cxnvFj
fTPfj+Ftvy95SSf8Y5c/b+/uM0aoF6A3jTsVh9frd0Dr0Mao2DZfkfr+QBVxd3pQ
4yCh7LqwEgUN9hzyJXWXFjNtl6+WU3zQObd4TiZTuQSU9l0P72I0Br/qxo2Sf0q/
RzZyuo2lcfFOhipkc5ayAzenqsaaYYqsN9ttzpDL9rQ4qkE1ISM2WCIE+8h5loN4
YICmbLT+ClEYriYb+fvZm5KqfuqreLD/x9O3fLB5AFJPMh6Q62/PUg==
=o4Pd
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199507261149.EAA08682>