[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: South African Law on Crypto Providers

On Thu, 2002-10-03 at 09:30, Joe Moore wrote:
> Jeff Licquia <licquia@debian.org> wrote:
> (quoting the relevant law)
> > There is a definitions section, in which we find:
> > 
> > -----
> > "cryptography product" means any product that makes use of
> > cryptographic techniques and is used by a sender or recipient of data
> > messages for the purposes of ensuring--
> > (a) that such data can be accessed only by relevant persons;
> > (b) the authenticity of the data;
> > (c) the integrity of the data; or
> > (d) that the source of the data can be correctly ascertained;
> Wouldn't TCP and UDP checksum functions fall into "ensuring the integrity of
> the data"?
> Sounds like South Africa is about to kick itself off the Internet.

That would depend if the checksums are considered "cryptographic
techniques".  I don't think they are.

The difference between something like packet checksums and MD5 is that
MD5 was designed with certain characteristics that make it useful for
crypto.  For example, it's "hard" (in the crypto sense) to create a
plaintext that generates a given MD5 checksum; this isn't a
characteristic of most checksum functions.

Also, in the legal sense, this might be considered "an unreasonable
interpretation" of the law.  It might be "obvious" that the law isn't
intended to restrict every single TCP connection made in ZA.  In truth,
any part of my analysis could be invalidated in this way by the courts;
I'm just guessing that the issues I brought up are the least likely to
be treated in this way.

Reply to: