Re: FW: Crypto

From: Michael H. Warfield (
Date: Wed Aug 02 2000 - 22:15:05 EST

On Wed, Aug 02, 2000 at 07:35:01PM -0700, H. Peter Anvin wrote:

> > > It USE to be it was the "taint" of US code on Canadian code. Much
> > > of FreeSWAN is developed in Canada. As long as there is no US code involved
> > > Canadian law holds and it can be exported. If the code contains any US
> > > code, US law holds (under a US / Canadian Treaty) and the code can NOT be
> > > exported from Canada.
> > ---
> > Geez...Maybe the code should be hosted in Netherlands? A
> > numbered Swiss ISP account?

> Seriously (or "Sealand" :) Note that there is nothing, as far as I
> can tell, that would keep us from integrating the FreeS/WAN group's
> work into the standard kernel. They still maintain their own code,
> and we integrate their work. Now, they might have difficulties with
> this because of the lack of an "untainted" code base to work against.


        At the very LEAST we need the KLIPS stuff integrated into the
kernel (the rest of the stuff is pluto/IKE). It's been discussed and
we, obviously, can integrate it into the kernel from their standpoint
and from ours (now), here in the US. Look at the integration of USB
and PCMCIA. These are taking place now. With the relaxed regulations,
crypto code is really no different than anything else.

        <Soap Box>

        Before someone raises the spectre of China or Russia (again), I've
just come back from two weeks in China and seen a few things first hand.
I've seen an RSA rep lay out the entire crypto system in Chinese in front
of a Chinese audience. I've heard a minister from the Ministry of
Information Industry address a major E-Commerce convention and tell of
the NEED for insured privacy and the need for security and cryptography.
I've talked with a Chinese cryptographer in Xi'an whose major complain
was the lack of information coming from the US based source and the
difficulty in obtaining information. I have three different organizations
who want me (a US citizen) to consult with them (Chinese corporations)
about implimenting strong cryptography, crypto systems, and certifying

        Adding cryptography to the kernel, at this point, would not
inhibit the adoption of Linux in these countries. On the contrary, they
are more wary of closed-source "US backdoor enabled" (their view)
cryptography. We will do more to promote BOTH cryptography and Linux
by adding it to the kernel.

        I've been holding off on this for a few weeks while I got caught
up from spending two weeks in China as a delegate and a representative from
ISOC to China but I have a request for EVERYONE!

        If you want to talk on cryptography issues, please respect the
countries you want to talk ABOUT. There ARE participants on this list
from China and from Russia and from France and from others. A number of
them in China approached me in the Universities in Bejing and Xi'an and
Tianjin and at the conferences. I have E-Mail friends in Russia whom I
have met through this list on other issues (SMBFS and other drivers).
They read this list and they recognized me from this list. They are here
and they do participate. It makes NO SENSE for us to speak for them.
They are perfectly capable AND WILLING to talk about conditions in their
countries. When we say we can't add cryptography to Linux because
cryptography is illegal in China, we do the Chinese a severe disservice.
They can speak for themselves and anyone who does not have first hand
experience there has no idea what is taking place there. I will not lay
claim to that either. I will ONLY claim to have enough experience, in
two weeks, to realize that my preconceived notions of what is and is not
the Chinese position on cryptography was totally uninformed and wrong.
I will also say that my preception, based on those two weeks, is ALSO
probably wrong. There are many factions and much depth to Chinese society
and government, more that two weeks on a delegation can begin to explore.
Let THEM speak for themselves!

        </Soap Box>

        ITMT... The time is right to seal the deal. KLIPS belongs in the
kernel. Cryptography belongs in the kernel. We don't want to see Linus's
Quake III daemon imitation, so it's not going to be 2.4.0! But the time
has come and it needs to be in 2.5.x and it needs to be in 2.4.x as soon
as we can get over the hurdle of getting 2.4.0 out the door.

        My $0.02.

> -hpa

> --
> <> at work, <> in private!
> "Unix gives you enough rope to shoot yourself in the foot."


 Michael H. Warfield    |  (770) 985-6132   |
  (The Mad Wizard)      |  (770) 331-2437   |
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:10 EST