Peter Junger <junger@upaya.multiverse.com> writes:
Adam Back writes: : [rsa sig/t-shirt] : : While it's probably technically illegal to export, it clearly doesn't : get you in trouble to export it. Raph Levien sent off a Commodity : Jurisdiction Request together with a sample T-shirt to ask permission : to export the T-shirt under the ITAR regulations. They did not answer : his request. I presume that they viewed either a "yes" or a "no" as a : loose for them. If they say no, they open themselves for mockery in : the press, if they say yes, we progress the situation. Export on : paper? Floppy? Internet? Bigger programs.
Under the new Commerce Department export regulations it appears that encryption software printed as hard copy---and I think that T-shirts are hard enough for this purpose---can be freely exported. But the same material in electronic form may not be exported or placed on a web site without a license. So the T-shirts are now OK, but under the EAR it is still an offense to send the code in a sigfile to an international e-mail list.
This is interesting. It seems that this set up provides a potential test case similar to Phil Karn's one with the source code disks for Applied Cryptography, only much smaller, and much more silly looking, which I think would be a boon because the US government would have more difficulty defending the ban on export of something which would take 30 seconds to type in. The response to Phil's request to export the disks detailed that there was significant value added in the text having been OCRed/typed in and neatly arranged in files on a floppy. The .sig is also a few seconds to scan with a bar code reader. Bar codes are also interesting in this context, they are machine readable, and the 2D bar codes allow reasonable information density on a sheet of A4. Vince has a 2D barcode gif of the .sig on his Arms Trafficker page. If the perl rsa .sig were to be given permission to be exported in electronic form, over the years since the original RSA sig I have accumulated a collection of programs some donated by others, and a couple more myself. There is a good selection: IDEA, OTP, RC4, RC5, DES, Diffie-Hellman. Someone did an RSA keygen a while back. These vary in size and usefullness. It would be relatively easy to create something sufficiently functional and yet dangerous in a reasonably few lines. Full PGP compatible encrypt, signature check, and decrypt looks doable in under 2000 chars or so, easily 1 A4 page of text, or 2D barcode.
It is possible that the application for permission to export the T-shirt may have influenced this result.
That would be cool if accurate :-) Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`