[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lynx-SSL

You sent that last email to me personally - did you mean to Cc: the list,
perhaps?  I have Cc:ed this one back to the list.

--On Wed, May 13, 1998 11:47 pm +0100 "Tom Lees" <tom@lpsg.demon.co.uk>

> On Tue, May 12, 1998 at 12:02:54PM +0100, Jules Bean wrote:
>> --On Tue, May 12, 1998 10:24 am +0000 "Rev. Joseph Carter"
>> <knghtbrd@earthlink.net> wrote: 
>> > On Tue, May 12, 1998 at 06:28:58PM +1200, Carey Evans wrote:
>> >> I think these were probably illegally exported.
>> > 
>> > So?  They're out of the US jurisdiction now.  =>
>> #include <disclaimer/Im_not_a_lawyer.h>
>> Not true, of course.  All european countries and (for example) australia
>> new zealand have signed treaties with the US which mean that, in
>> a non_US citizen who broke a US law can be tried under US law.
> But, if you weren't the person who exported it... its not your problem,
> because YOU didn't break any law. As I understand it, exporting things
> illegally isn't the same sort of thing as stealing things - you can't be
> prosecuted for handling illegally-exported-goods (as opposed to
> illegally-imported-goods or just plain illegal goods, for which you can).
> Otherwise, a VERY large number of people could be prosecuted or refused
> entry to the US just for USING PGP - that's almost certainly every one of
> "us", so what the hell difference does it make anyway?

I believe you to be correct, here.

>> I am unaware of any test cases in cryptology (but they're common in
>> murder...)
> Sooooo.... Anyone here live in somewhere where that's not true?
> these would be so-called "non-extradition" countries).
> Also, they can always do something like ban you from entering the US.
> PS. I never understood why the US is so resistant on issues like these -
> all it does it create jobs outside the US as opposed to inside to handle
> these things in the free world.
> Hmmm, I wonder if exporting crypto in your mind (i.e. I know how to write
> a 1024-bit RSA algorithm type thing) is counted as illegal... what about
> (in the hypothetical future) when computers can read minds :)

This one is clear.

The basic concepts behind a public key algorithm cannot be restricted.  You
know, and I know, and most half-decent mathematicians in the world know,
about the difficulty of factorising large numbers, especially those which
are the product of two large primes, and we know how these concepts can be
exploited to design a public key encryption system.

Encryption routines like DES (which is not public key) are far more dull and

The patent is on the precise algorithm used.

The export restrictions are on actual computer programs (in source or binary
form) which implement these algorithms in a way which protects data.  These
are classed as 'munitions'.

In the same way, I cannot export a nuclear bomb from the US, but I can
export a book which explains how I might construct one.

Presumably the point of the gnupg project is to reimplement these
well-understood concepts (arithmetic of large numbers, prime factorisation,
etc.) in a new, and hence unpatented fashion.

Anyone who understand law well enough to correct me, please do - it is
probably fairly important to the debian project to get these things clear.


|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     |                               |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: