Date: Thu, 13 Jan 2000 20:31:45 -0700 From: Brett Glass <brett@lariat.org> To: security@freebsd.org Subject: Crypto regulations: Lucy pulls the football away? Message-ID: <4.2.2.20000113202656.01d66100@localhost>
next in thread | raw e-mail | index | archive | help
I've been poring over the proposed new crypto regulations, and think I see a serious problem vis-a-vis open source. The provision that allows the export of source code, quoted at http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, says: >Also in §740.13, to, in part, take into account the "open source" approach >to software development, UNRESTRICTED encryption source code not subject >to an express agreement for the payment of a licensing fee or royalty for >commercial production or sale of any product developed using the source >code can, without review, be released from "EI" controls and exported and >reexported under License Exception TSU. Note the use of the qualifier "unrestricted" in the paragraph above. So, what's "unrestricted?" The text one paragraph above gives what appears to be an answer: >In §740.13, Technology and Software UNRESTRICTED, changes are made to >reflect amendments to the Wassenaar Arrangement. Specifically, encryption >software is no longer eligible for mass market treatment under the General >Software Note. Encryption commodities and software are now eligible for >mass market treatment under the new Cryptography Note in Category 5 - Part >2 of the CCL. This Note multilaterally decontrols mass market encryption >commodities and software <b><i>up to and including 64-bits</i></b>. So, if I read the draft correctly, no open source crypto software that's strong enough to protect anyone's privacy against a marginally competent code cracker can be exported, even under the new rules. Am I off base here? I hope I am, but I fear I'm not. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.2.20000113202656.01d66100>