Date: Thu, 13 Jan 2000 20:31:45 -0700 From: Brett Glass <brett@lariat.org> To: security@freebsd.org Subject: Crypto regulations: Lucy pulls the football away? Message-ID: <4.2.2.20000113202656.01d66100@localhost>
next in thread | raw e-mail | index | archive | help
I've been poring over the proposed new crypto regulations, and think I see= =20 a serious problem vis-a-vis open source. The provision that allows the=20 export of source code, quoted at=20 http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, says: >Also in =A7740.13, to, in part, take into account the "open source"= approach=20 >to software development, UNRESTRICTED encryption source code not subject=20 >to an express agreement for the payment of a licensing fee or royalty for= =20 >commercial production or sale of any product developed using the source=20 >code can, without review, be released from "EI" controls and exported and= =20 >reexported under License Exception TSU. Note the use of the qualifier "unrestricted" in the paragraph above. So,=20 what's "unrestricted?" The text one paragraph above gives what appears to=20 be an answer: >In =A7740.13, Technology and Software UNRESTRICTED, changes are made to=20 >reflect amendments to the Wassenaar Arrangement. Specifically, encryption= =20 >software is no longer eligible for mass market treatment under the General= =20 >Software Note. Encryption commodities and software are now eligible for=20 >mass market treatment under the new Cryptography Note in Category 5 - Part= =20 >2 of the CCL. This Note multilaterally decontrols mass market encryption=20 >commodities and software <b><i>up to and including 64-bits</i></b>. So, if I read the draft correctly, no open source crypto software that's=20 strong enough to protect anyone's privacy against a marginally competent=20 code cracker can be exported, even under the new rules. Am I off base here?= =20 I hope I am, but I fear I'm not. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000113202656.01d66100>