Re: S/MIME outside the US?
At 10:49 PM 2/24/96 -0500, Lewis wrote:
volley@lls.se writes:
If I got things right, DES is "exportable" as long as the keysize is kept under a certain size, which is too small to be really secure?
All things are exportable as long as the keysize is kept under a certain size, which is too small to be really secure.
That's not correct - you can only export crypto code from the US for which you have Permission, and they'll only give you Permission if it's weak crypto or you agree to be Well-Behaved (e.g. US banks can export real DES for talking to other banks, but US banks can be subpoenaed and forced to hand over the plaintext.) There have been people who've gotten export permission for modified DES, e.g. real 56-bit DES with the key chosen from a 40-bit keyspace. I'm assuming from volley's address that he or she is in Sweden, and thus not directly limited by US export laws. Write what you want, and post it somewhere outside the US; we can import it legally. As a non-American, you probably couldn't get US export permission for even 40-bit RC4, and maybe not even for rot13. #-- # Thanks; Bill # Bill Stewart, stewarts@ix.netcom.com / billstewart@attmail.com +1-415-442-2215 # http://www.idiom.com/~wcs Pager +1-408-787-1281
Bill Stewart wrote:
At 10:49 PM 2/24/96 -0500, Lewis wrote: I'm assuming from volley's address that he or she is in Sweden, and thus not directly limited by US export laws. Write what you want, and post it somewhere outside the US; we can import it legally. As a non-American, you probably couldn't get US export permission for even 40-bit RC4, and maybe not even for rot13.
Lurk Mode Off....... I don't suppose there's anyone out there who may be interested in working with an non-american InfoSec integrator in integrating encryption with email /messaging and other applications? I assume that there is a legal difference between "working with" and "developing for" AFA ITAR is concerned. Thanks........Lurk Mode On.......
I wrote: # All things are exportable as long as the keysize is kept under a # certain size, which is too small to be really secure. Bill Stewart writes:
That's not correct - you can only export crypto code from the US for which you have Permission,
Well, sure. I can only say so many obvious things in one message :}
and they'll only give you Permission if it's weak crypto or you agree to be Well-Behaved (e.g. US banks can export real DES for talking to other banks, but US banks can be subpoenaed and forced to hand over the plaintext.)
You didn't quote my next sentence, which was (according to http://www.hks.net/cpunks/cpunks-24/1417.html) # (Unless they're used for banking, or only # for authentication, or you're only taking it with you for personal use on # a trip, or....) -Lewis
participants (3)
-
Bill Stewart -
lmccarth@cs.umass.edu -
Peng-chiew Low