(cc'd to a couple of people who's name is mentioned in second half) Bill Stewart <stewarts@ix.netcom.com> writes:
Tim May <tcmay@got.net> writes:
Not to be tedious about this, but why would "lines of code" be an interesting metric?
Yeah - I was thinking of the following entries: Adam Back RSAperl 4 lines Adam Back et al. RSAperl 2 lines
I don't think anybody's made a T-Shirt with SSLeay on it yet :-)
:-)
(Though actually SSLeay has been very useful to a lot of the world's free cryptography, and has prompted the US spooks to pressure the Australian spooks into restricting crypto exports, just as they've pressured the NZs into restricting them for Peter Gutman, and have been trying to work on the Irish...)
Could you elaborate on these. I caught Peter Gutmann's comments on the hassles a company he did some work for were having with the NZ spooks. (The spooks intercepted their mailed disk, plus some other cloak and dagger spookish stuff). Is this still going on, was it ever resolved? Can the next version of cryptlib be exported legally? Or are we relying on Peters bravery? I remember vaguely some announcments about Australia. Has Eric said anything on this, has anything been enforced, is it legal to export SSLeay from down under? Ireland is new to me. What's their problem? Who's exporting things to attract spook export attention over there? (There are quite a lot of high tech companies over there, it's a sort of Euro silicon valley, mostly due to tax breaks, 10% corporation tax, etc). Btw, the UK has it's own problems also. You can export whatever you want in `intangible form', but to post something in a tangible form, such as perhaps a CD (or a perl-rsa T-shirt?) you need permission from DTI in consultation with GCHQ. There are several forms of license you can get depending on what GCHQ think of your product and of you politically. These vary between getting a license to export pretty much anywhere except embargoed countries (Iraq, China, etc) without further hassle, to having to ask for export permission on a case by case basis, going down to permission for repeat exports to the same customer. The heuristic by which permission is handed out is nearly impossible to extract from the beaurocrats/spooks. (Give us protocols, and a customer, and we'll tell you.) I have it unofficially from the hosses mouth that if you make use of the intangible export loophole, that it might "reduce" your chances of getting permission to export tangibly. I thought Ireland was similar, being based on European legislation, though perhaps with less of an axe to grind than GCHQ, being as GCHQ (CESG) are the authors of the euro GAK, (CASM/Cloud Cover/Royal Holloway TTP scheme) and the TTP paper which caused a fuss last month. Adam -- Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/ print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`