From owner-freebsd-security Sun Feb 16 12:14:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA23823 for security-outgoing; Sun, 16 Feb 1997 12:14:03 -0800 (PST) Received: from vinyl.quickweb.com (vinyl.quickweb.com [206.222.77.8]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA23813 for ; Sun, 16 Feb 1997 12:13:59 -0800 (PST) Received: from localhost (mark@localhost) by vinyl.quickweb.com (8.7.5/8.6.12) with SMTP id PAA08067; Sun, 16 Feb 1997 15:14:31 -0500 (EST) Date: Sun, 16 Feb 1997 15:14:31 -0500 (EST) From: Mark Mayo To: Warner Losh cc: Poul-Henning Kamp , security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 15 Feb 1997, Warner Losh wrote: > In message <11871.855990294@critter.dk.tfs.com> Poul-Henning Kamp writes: > : Theo belives he can export anything just because he is in Canada. > > He can. That's what Candian law states. He's looked into it. More > importantly, others unrelated to the OpenBSD project have looked into > it and have recieved the necessary permissions to export their > cryptographic code. This is true: Item 1000 in the ECL is a General Technology Note (GTN) and a General Software Note (GSN). These notes permit the export of "software" or "technology" that is "in the public domain", and also permit the export of "basic scientific research". "In the public domain" simply means that there are no distribution restrictions. FreeBSD applies, I believe. Since I am Canadian, it is legal for me to export Cryptography (with the exception of a few countries..) software and 'technology'. I would certainly be willing to distribute FreeBSD software on my server - including DES (the Canadian version). On that note, I'm a little curious.. our laws state that the exprted software must be >50% Canadian Content... The DES package, for example, is only 15% US, so it can be exported (along with Kerberos, and SFS). I wonder how they define Canadian content... Okay, I live in Canada.. what if I gave access to my 'canadian machines' to US developers - would the final code be considered Canadian? It was developed "in Canada", since the machines on are Canadian soil. I'm going to check into this, since it could be a great way to get around moronic US export laws! Perhaps the bodies must me in Canada as well - I'll check. At any rate, it only applies in the case that US developers work on cryptography software - since the US has prosecuted Canadians for exporting US cryptography, the government warns. If people from more enlightened governments develop on Canadian machines, everything is okay and I can export to my hearts content. Sort of similar to the Canada/Cuba thing and the US gov. bitching about extradited US property being 'illegally' used by Canadian business (tell ya' what, if America gives back the British capitals seized during the American revolution, Canada/Cuba will give back the US capitals seized during the Cuban revolution...). Anways, I'm going to research the Canadian export laws some more, and see how anal my gov. really is. It might be necessary to move the main FreeBSD distribution out of the US if the US gov. doesn't smarten up soon. A site in Europe and one in Canada would server both continents. -Mark ---------------------------------------------------------------------------- Mark Mayo mark@quickweb.com RingZero Comp. http://vinyl.quickweb.com/mark ---------------------------------------------------------------------------- "I prefer tongue-tied knowledge to ignorant loquacity." Cicero (106-43 B.C.)