On Thu, 31 Oct 1996, Jim Nance wrote:
> Forwarded message:
>
> > >Export of _any_ encryption algorithm (not just DES) from the US to
> > >anywhere (except Canada?) is illegal without the proper permits.
> >
> > Are you sure about this? I always understood it to be export of
> > encryption technology based on keys greater than a given length
> > (currently 40 bits? 56 bits?) that was illegal. Export of anything
> > less than this key length is allowed.
>
> The original poster is right. You can not export ANY encryption software
> from the US without permission from the government. The 40 bit key is a
> rule of thumb for something to do which will probably allow you to get
> approval for export.
Yep, according to what I can find the good ol' government can refuse to
allow the export of any product using cryptography if it so desires.
The 40 bit (soon to be 56, I believe) limit usually just assures the
producer the government won't bother wasting its time on something it
could crack with less man time.
Oh, and on another point...I believe it is illegal to import only public-
key algorithms for US citizens. The PKP (Public Key Partners) hold a
patent until some time early next century on these. For instance, when
I downloaded SSLeay, I had to go through contortions to make it use
RSA's sslref library instead of Eric's own implementation.
- Pete
- ------------------------------
Peter Rival
Unix Systems Administrator
Daniel Webster College
ops@dwc.edu
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMnkN1zkUd9WlV5D5AQHfMQQAulglht/jESnixWQFxLD+kruFA3eN7m9j
nv7Rr7dMZYU+MXDLs8sAZ1GyMnBwfwhgA9l63Mz8TxBW68VI8+Avb4uQz0Ff/qsN
ccK1A5y10WbnAi1m7CoTy2Wmgh7gbpSLqwLL92262YgnZGCuKhg4Kc6C5ji9zJPd
ytG5/CJ8nBU=
=B84T
-----END PGP SIGNATURE-----