At 16:22 6/3/96, jim bell wrote:

A signature is just that: A signature. It doesn't encrypt or decrypt. It doesn't even ALLOW the system it's in to encrypt or decrypt, because there are numerous encryption programs written that have no need for such a signature. If no program existed which _used_ that signature, nobody would think twice about exporting it.

The fact is, it is LEGAL to import encryption code into the US. It is LEGAL to generate an hash of that code, and it is LEGAL to export that hash. To believe otherwise is to broadly expand the scope of export laws far beyond what they were intended to mean.

First, the ITAR are not laws, but regulations. Second, there are many that believe that applying ITAR to crypto software is already expanding the scope of the regulations far beyond what they were intended to mean. Let us not forget that the ITAR were written to prevent the proliferation of military technology. Applying them to mass market crypto software does not aid this original goal in any way. At one point, the existing ITAR began to be used to further a cause utterly unrelated to their original intend: limiting the domestic market penetration of strong crypto systems. Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.