isn't this what Bernstein's program that is the subject of a lawsuit in california does? On Thu, 5 Sep 1996, P. J. Ponder wrote:
keywords: ITAR, SHA, beneficial and innocuous crypto
The persistent reputation known as Bill Stewart wrote:
Date: Wed, 04 Sep 1996 23:09:17 -0700 From: Bill Stewart <stewarts@ix.netcom.com> To: Kent Briggs <72124.3234@compuserve.com> Cc: cypherpunks@toad.com Subject: Re: rc2 export limits..
I'm afraid my source is "Read it on the net and was surprised to hear it". My assumption is that the limit is for software that implements both signature and verification, since ITAR doesn't ban export of pure-authentication software.
The FIPS Pub (?180? ?181?) for the Secure Hash Algorithm (SHA) states in the fine print at the beginning that SHA is export controlled. I don't have the document to refer to right now, but it plainly states that SHA falls under ITAR. As a cryptographic hash function, why would it be controlled in this way?
How can I use SHA to encrypt something for someone else to decrypt? I know how to use it for authentication; am I missing something here?
ANFSCD:
I tried that OnNet32 e-mail software from FTP software. It runs under Windows95. It is a lot of material to download, and way too intrusive to install. It wants to metastasize itself into the innards of Microsoft Exchange and Inboxes, etc. What is it with all this complexity anyway? Why not just have a POP client that will check mail on the server?
It also wants you to store your mailbox password in it, as opposed to letting you enter it on a session-by-session basis. I don't like that.
sticking with PINE, PGP, and Xywrite II for now....
[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.] A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U.. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's hot here. And #@&*! humid.