Mark> ... g. Data authentication equipment that calculates a Mark> Message Authentication Code (MAC) or similar result to Mark> ensure no alteration of text has taken place, or to Mark> authenticate users, but does not allow for encryption of Mark> data, text or other media other than that needed for the Mark> authentication;
But wasn't that the gist of Rivest's paper: he's not encrypting the message, he's just obscuring it really, really well.
All this needs someone with the cash & the time to push it to court...
Actually, the first parts I quoted applied to chaffing and winnowing too: a. Designed or modified to use ``cryptography'' employing digital techniques to ensure ``information security''; b. Designed or modified to perform cryptanalytic functions; c. Designed or modified to use ``cryptography'' employing analog techniques to ensure ``information security''; Part a. basically prevents any sort of "encryption" technique, whether that technique uses a normal encryption algorithm, a hash function, or quantum cryptography -- anything that can be used for "information security" I think that the NSA knew about chaffing and winnowing, and they talked with the people who wrote the EAR and helped them make the legislation cover chaffing and winnowing. Please know that I, in no way, like the EAR; it just seems that everyone's hopes that chaffing and winnowing gets around the export controls are invalid. The EAR doesn't care *how* you do the encryption, it only cares that some sort of "encryption" was performed. Are there any legal-types out there that can give a more definitive answer? - Mark Rosen http://www.mach5.com/