Re: FW: Crypto

From: Sandy Harris (
Date: Thu Aug 03 2000 - 15:09:41 EST

Gerhard Mack wrote:

The whole discussion of Canadian law is actually off-topic. The question
is not whether we can distribute FreeS/WAN. We can, both from Canada and
from the European countries with the web sites. If policies in one or
more of those countries changes, we'll deal with that.

The question here is whether crypto code can now be included in kernels
distributed from the US, since US regulations have recently changed.
It appears it can be, so it seems obvious it should be. Let's get
back on topic and discuss what needs to be done to make that happen.

Linus et al:

What needs to be done to get the FreeS/WAB KLIPS (kernel IPSEC)
patches into the standard kernel distribution? Or should the target
be a KLIPS module that plugs cleanly into a standard kernel? What
about the encrypting file system stuff?


Currently FreeS/WAN and the random driver each contain copies of MD5
and SHA hash source code. There may be other duplications I'm not
aware of. What needs to be done to get the various kernel crypto
components to share code? How does this relate to similar work in
user space?

//// off-topic ////

That said, I'll correct mis-perceptions about Canadian law:

> This is BS .. there is no law I know of that makes the US laws apply.
> In
> fact as it sits we (Canada) are a fun loop hole in the US laws.

There's a treaty saying we'll help enforce US export restrictions
on goods of US origin.

It is not clear whether or how this applies to public domain code,
which is exempt from Canadian export restrictions. For commercial
code, though, you do need an export permit and the origin of the
code affects whether you get it.

This gets fairly complex.

e.g. At one point, the US tried to block Canadian subsidiaries
of US companies from trading with Cuba. Several of our politicians,
and I think a court, claimed this interference was illegal under
Canadian law in the case of Canadian-built equipment, tractors
or some such. They stuff shipped, and the US State dep't howled.

If it had been, say, Canadian-built tanks, that would have
required an export permit and I do not know if they'd have got

If it had been US-built tanks, the Canadian export permit
would have been refused. No question.

The Canadian gov't is far from anxious to antagonise the US
by helping anyone get around US law. The Canadian gov't has
its own policies, some of which the US may not like, but it
also co-operates closely with the US gov't. They have 10 times
our population and when it comes to trade, they are both our
largest customer and our largest supplier.

Also, whether or not Canada does anything, the US gov't. could lay
charges in the US against anyone exporting through Canada in
violation of US law. Likely they couldn't extradite, but they
could certainly be annoying, especially to US citizens or residents.

So FreeS/WAN is being very careful to ensure that US law clearly
does not apply. We won't even take a one-line bug fix from an
American, though we happily accpet problem reports.

> We are exempt from the crypto export restrictions but have no restrictions
> of our own. ...

We do have restrictions of our own. See gov't web site:

An analysis of Canadian law in this area:

Fortunately, these restrictions do not apply to public domain
software. The Wassenaar agreement says they shouldn't. Canada
has been complying with that for some years. The US has only
recently begun to partially comply; they now permit export
without a permit, but require notification.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:11 EST