Here's a good site for Canadian crypto stuff: http://fractal.mta.ca/crypto/ > In fact, as far as pgp goes, Canadians are supposed to use the us > version of pgp (which uses rsaref) as Canada respects the RSA > patent. I keep hearing conflicting views on this - and I haven't seen anything definitive. The SSLEAY stuff I read seems to say that it is OK to use it in Canada (and everywhere else but the U.S.), but it must be linked with rsaref in the U.S. Most of the information I've seen says that the RSA patent is only valid in the U.S. Anyways, the Canadian policies are quite loose (and they specifically exempt free software) - so I don't see any problems. Also, "privacy" has been more of a political issue in Canada than other places, for example, we have a privacy commisioner. Plus, we have many large, politically savvy networking/software companies based in Ottawa (NorTel, Newbridge, Gandalf, Corel, etc.). All have a stake in cryptography either indirectly or directly (ie. Entrust). And these companies, plus the telecom companies, form a much larger part of the Canadian economy than the military/intelligence sector (who have no political clout at all following the Somalia debacle). In the U.S., it's different - the software industry is huge, but it developed by itself, far away from Washington, DC. As a result, it doesn't have voice, compared to the cronyism of the "military-industrial complex". So I'm pretty sure that U.S. crypto policy isn't going to change radically, until it is thrown out by the Supreme Court, or it becomes clear to those in charge that they don't have the slightest chance of winning the global "crypto-war". Unfortunately, Microsoft and Netscape are U.S. companies, so the U.S. administration still believes that it can exert control over the worldwide use of crypto. But they can't bully around people from other countries, so the whole U.S. policy is doomed to fail. Free Software has a large role to play in killing off this policy. It's sort of cool being on the "front lines" of a war where nobody gets hurt. :-) BTW, I've almost got the rc5-bovine package done - I only need to modify the "lwatchd" program to properly log output on stderr. Hopefully I'll release it today or tomorrow. Cheers, - Jim
Attachment:
pgp24OJl2NaZb.pgp
Description: PGP signature