Wassenaar summary (and a funny new loophole)
The Wassenaar Arrangement has put up the Dec. 3 lists agreed to by members:
To summarize the crypto rules: Software is freely exportable if it has been made available without restrictions upon its further dissemination. Copyright restrictions do not count. Mass market cryto software is no longer covered by the General Software Note, but by a Cryptography Note. Under that note, mass market software and hardware is not controlled if it does not use symmetric keys longer than 64 bits and the cryptographic functionality cannot easily changed by the user. Systems that do not meet those conditions are export-controlled if they use symmetric encryption with more than 56 bit keys, algorithms based on factorization or on logarithms in finite fields with more than 512 bit keys (e.g. RSA, DH) or on discrete logarithms in other groups (such as elliptic curves) with more than 112 bits. They may be exported for personal use. There are exceptions for execution of copy-protected software and read-only media and for phones without end-to-end encryption. The list contains an amusing editorial error which would for the first time allow the export of strong crypto hardware. "Symmetric algorithm" is defined to mean 'a cryptographic algorithm using an identical key for both encryption and decryption', whereas an algorithm using 'different mathematically-related keys for encryption and decryption' is an "asymmetric algorithm". Since the definition differentiates algorithms by symmetry rather than by their cryptographic properties, there is no restriction whatsoever on asymmetric secret-key encryption algorithms. Those algorithms typically are not based on factorization or discrete logarithms. That is, they are no longer controlled by the Wassenaar arrangement. Better yet, mass-market crypto systems are not controlled if they 'do not contain a "symmetric algorithm" employing a key length exceeding 64 bits'. So you can use, say, 2048 bit RSA with an asymmetric secret-key algorithm of 128 bit key length (so the system does not contain a symmetric algorithm), and you're free to export it.
Ulf Möller wrote:
Since the definition differentiates algorithms by symmetry rather than by their cryptographic properties, there is no restriction whatsoever on asymmetric secret-key encryption algorithms. Those algorithms typically are not based on factorization or discrete logarithms. That is, they are no longer controlled by the Wassenaar arrangement.
Hmm - so if I defined a new crytpo algorithm, SED3, say, that looks like this: SED3(k,x)=3DES(backwards(k),x) where backwards(k) is k with its bits written backwards, then the 3DES/SED3(k1,k2) combination is exportable (where k1 is related to k2, of course, by k2=backwards(k1))? Cheers, Ben. -- Ben Laurie |Phone: +44 (181) 735 0686| Apache Group member Freelance Consultant |Fax: +44 (181) 735 0689|http://www.apache.org/ and Technical Director|Email: ben@algroup.co.uk | A.L. Digital Ltd, |Apache-SSL author http://www.apache-ssl.org/ London, England. |"Apache: TDG" http://www.ora.com/catalog/apache/
Unfortunately, since Wassenaar is not the law, only an agreement by bureaucrats to make laws or regulations sort of like it if they can talk their pet legislatures into rubberstamping them, this doesn't help.
You can't take a bureaucrat to court and insist that she rescind a regulation that was stronger than the Minimum Daily Repression specified in the "Arrangement" - you can only insist on whatever your nation's constitution (if any) or fundamental rights document (if any) specifies, or perhaps go to the World Court or some European Union or European Community court and argue the case there. But most of these rights documents say things like "except for national security" and aren't very enforceable even if they do plainly state that your rights are stronger than that.
Ulf Möller wrote the following about mistakes in Wassenaar:
Since the definition differentiates algorithms by symmetry rather than by their cryptographic properties, there is no restriction whatsoever on asymmetric secret-key encryption algorithms. Those algorithms typically are not based on factorization or discrete logarithms. That is, they are no longer controlled by the Wassenaar arrangement.
At 07:06 PM 12/10/98 +0000, Ben Laurie wrote:
Hmm - so if I defined a new crytpo algorithm, SED3, say, that looks
Unfortunately, the WA still sucks, flies in the face of common sense, and only makes sense if orwellian, or huxleyan predictions of future societies are being actualized, today. I'm afraid. I'm very afraid,,, Reeza! Be very afraid, Barney has his own movie. Now, tubetubbies not only steal the young'uns minds, but their lives as well,,, At 01:17 AM 12/30/98 -0800, Bill Stewart wrote: likethis:
SED3(k,x)=3DES(backwards(k),x) where backwards(k) is k with its bits written backwards, then the 3DES/SED3(k1,k2) combination is exportable (where k1 is related to k2, of course, by k2=backwards(k1))?
I assume you mean 3DESDecrypt(backwards(k),x) ? It still doesn't work, because 3DESEncrypt is still symmetric with 3DESDecrypt, and SED3Decrypt is still symmetric with 3DESEncrypt(backwards(k),x). But you could still come up with something that meets the letter of the non-law, just for the fun of tweaking them.
I think it's more realistic to go for the various General Software Exemptions and Public Domain Exemptions, and generally lobby legislatures to slow down on implementing Bad Things, and let them see there's money to be made for their countries' local businesses by not cooperating.
A potentially valuable change to go for would be to allow export between members of the Wassenaar, or the EC, or whatever. After all, the whole purpose of the COCOM that Wassenaar grew out of was to keep Commies from getting militarily valuable technology, and now that there aren't any Commies (unless you count the Chinese or Cubans) and they've let the Russians into Wassenaar, the whole thing's prima facie stupid anyway.
Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
Unfortunately, since Wassenaar is not the law, only an agreement by bureaucrats to make laws or regulations sort of like it if they can talk their pet legislatures into rubberstamping them, this doesn't help. You can't take a bureaucrat to court and insist that she rescind a regulation that was stronger than the Minimum Daily Repression specified in the "Arrangement" - you can only insist on whatever your nation's constitution (if any) or fundamental rights document (if any) specifies, or perhaps go to the World Court or some European Union or European Community court and argue the case there. But most of these rights documents say things like "except for national security" and aren't very enforceable even if they do plainly state that your rights are stronger than that.
Ulf Möller wrote the following about mistakes in Wassenaar:
Since the definition differentiates algorithms by symmetry rather than by their cryptographic properties, there is no restriction whatsoever on asymmetric secret-key encryption algorithms. Those algorithms typically are not based on factorization or discrete logarithms. That is, they are no longer controlled by the Wassenaar arrangement.
At 07:06 PM 12/10/98 +0000, Ben Laurie wrote:
Hmm - so if I defined a new crytpo algorithm, SED3, say, that looks likethis: SED3(k,x)=3DES(backwards(k),x) where backwards(k) is k with its bits written backwards, then the 3DES/SED3(k1,k2) combination is exportable (where k1 is related to k2, of course, by k2=backwards(k1))?
I assume you mean 3DESDecrypt(backwards(k),x) ? It still doesn't work, because 3DESEncrypt is still symmetric with 3DESDecrypt, and SED3Decrypt is still symmetric with 3DESEncrypt(backwards(k),x). But you could still come up with something that meets the letter of the non-law, just for the fun of tweaking them. I think it's more realistic to go for the various General Software Exemptions and Public Domain Exemptions, and generally lobby legislatures to slow down on implementing Bad Things, and let them see there's money to be made for their countries' local businesses by not cooperating. A potentially valuable change to go for would be to allow export between members of the Wassenaar, or the EC, or whatever. After all, the whole purpose of the COCOM that Wassenaar grew out of was to keep Commies from getting militarily valuable technology, and now that there aren't any Commies (unless you count the Chinese or Cubans) and they've let the Russians into Wassenaar, the whole thing's prima facie stupid anyway. Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
participants (4)
-
Ben Laurie -
Bill Stewart -
Reeza! -
ulf@fitug.de