Re: ITP seahorse
You're mostly right, but there still needs to be notification: it just has
to be concurrent, not previous like I thought. There is explicit
exemption of small keys, but those keys have been exempted all the
time. The big issue is that it's easier to get the review--submit and
go. Publically available (ftp/http) crypto is explicitly okay--no need to
check if a .foreigngov addy or a .badguys addy is DLing, but still needs
to be vetted: the only thing is it cannot be "knowingly" transmitted:
uploaded or emailed to a .badguy or .foreigngov
http://www.bxa.doc.gov/Encryption/Default.htm
http://www.bxa.doc.gov/Encryption/nlr.htm
and most of the rest of the "Encryption" directory
the 1/14/00 press release is at
http://204.193.246.62/public.nsf/docs/60D6B47456BB389F852568640078B6C0#a
BTW, it checks out--nslookup says it's going to DOCUSER.osec.doc.gov,
typical bureaucratic garbage, I'm guessing (but a PITA to hand paste--#$%^
synaptics touchpads...).
On Sat, 20 May 2000, Raul Miller wrote:
> On Sat, May 20, 2000 at 07:46:11PM -0600, John Galt wrote:
> > Has anyone submitted the non-US tree to Treasury so that it can be
> > reviewed and exported legally? Unless somebody's done that, the
> > current export control laws still prevent export of it...They've been
> > LOOSENED, not eliminated.
>
> Um.. true. But either I didn't understand the original topic, or the
> topic has just been changed.
>
> As I understand the current export regs, cryptography software with
> weak keys (defined as less than some number of key bits -- I think 40)
> can be exported without any special permits.
>
> Now, I've not studied this issue intensely, and regs change fairly
> quickly. But if I'm wrong, I'd like to see a reference to or a quote
> of the relevant regulation.
>
> Thanks,
>
>
--
Pardon me, but you have obviously mistaken me for someone who gives a
damn.
email galt@inconnu.isu.edu
Reply to: