At 11:22 AM -0400 5/9/97, Will Rodger wrote:
-----BEGIN PGP SIGNED MESSAGE-----
At 10:39 PM 5/8/97 +0000, Rick Smith wrote:
These "new" regulations "to be issued" are scrambling to catch up with previous and current practices. It doesn't change things at all.
I disagree. Here's why:
New regs unquestionably do change things for US banks. Right now banks may export nothing stronger than unescrowed DES. Period.
Interesting. That's inconsistent with what was said in the NRC crypto policy report. The report stated or at least implied that any commercial crypto equipment could be exported for sale to a financial institution, though it had to get an export license. (sorry for imprecision, I don't have my copy handy). You seem to be suggesting that the licenses were consistently denied or permanently delayed for stronger crypto. I can believe it -- a bureacracy can hide lots of unwritten rules behind a poorly documented licensing procedure. I personally don't know of an example of stronger crypto being exported to an overseas financial institution. However, you're probably right in saying this is a big improvement for commercial software doing strictly financial crypto. If the BXA produces similar rules to those they recently drafted, then some types of products will indeed be easier to export. OpenMarket et al took a risk when they took on the bureacracy to try to get an export license based on what looked like an acceptable practice. I agree it must have been an ugly process to go through, and would be vastly improved by explicit regulation. Rick. smith@securecomputing.com secure computing corporation