BRIAN MCBEE <opac!brian%OPAC.osl.or.gov@cs.orst.edu> writes:
Since the only reason we are talking about RIPEM is because of legality
concerns about PGP, I thought I'd mention that it is (at least theoretically)
illegal to export RIPEM from the US, annd therefore could not be legally used
to correspond with persons overseas.
I don't know if there is a legal way to do public key cryptography between
persons inside the US and persons outside the US.
What is illegal to export is the software implementations of strong cryptography, not messages encrypted with them, or even detailed specifications of how to implement compatible software. So, theoretically, if a group in each COCOM-complying country and a group out of the reach of COCOM each independently implemented software to do the public-key cryptography (the U.S. group is the only one that will have to worry about licensing PKP's patents), then trading encrypted mail would be unquestionably legal. It would also be a lot of wasted work and duplicated effort, and I don't see any reason to respect the laws that make exporting or importing this software illegal. RIPEM has no doubt escaped the U.S. since RSADSI put it up for anonymous FTP last week, and PGP is everywhere. Joe