CJR for perl-RSA t-shirt
Here is a draft of the CJR I intend to file, for the perl-RSA t-shirt. Please check it over for technical inaccuracies or other problems. It should sound quite familiar, as I have shamelessly ripped off the CJR that Phil Karn filed for the Applied Cryptography book.

Let me know what you think!

Raph

=======================================================================

ATTN: Maj Gary Oncale - 15 Day CJ Request
U.S. Department of State
Office of Defense Trade Controls
PM/DTC SA-6 Room 200
1701 N. Fort Myer Drive
Arlington, VA 22209-3113
Fax +1 703 875 5845

ATTN: 15 Day CJ Request Coordinator
National Security Agency
P.O. Box 246
Annapolis Junction, MD 20701

Subject: Mass Market Software with Encryption - 15 Day Expedited Review Requested

Subject: Commodity Jurisdiction Request for perl-RSA t-shirt, an encryption program

INTRODUCTION

This is a Commodity Jurisdiction Request for mass market software with encryption capabilities. The name of the software product is "perl-RSA t-shirt", by Adam Back. It is published in the form of a t-shirt by Joel Furr, 916 W. Trinity Ave, #10, Durham NC 27701. I have no DTC registration code.

I have reviewed and determined that this t-shirt, the subject of this CJ request, meets paragraph 1 of the "Criteria for Determining the Eligibility of A Mass Market Software Product for Expedited Handling." I base this determination on the following facts:

a) this t-shirt is readily available from Joel Furr, and has been shipped in quantity of several hundred copies, thus qualifying it as mass market software;

b) sufficient documentation is included to allow installation and use by any end user capable of typing in the software, or scanning the bar code, and running it. Additional documentation is available on the Internet World Wide Web at http://dcs.ex.ac.uk/~aba/rsa/ .
To my knowledge the author and publisher provide no "product support" as that term is generally understood; and

c) the t-shirt contains encryption software source code listings that provide confidentiality.

A duplicate copy of this CJR has been sent to the 15 Day CJ Request Coordinator.

DESCRIPTION

The t-shirt contains an implementation of the RSA asymmetric cryptographic algorithms. Furthermore, instructions, in the form of a terse usage string, are given for using the implementation to provide confidentiality. The source code of the implementation is featured both as four lines of text and also as a bar code, making the t-shirt machine readable as well as machine washable. The algorithm is implemented in the Perl scripting language, and will run on any standard Unix configuration that includes both an implementation of the Perl language and the common "dc" (desk calculator) program. Two copies of the shirt are included with the filing of this CJ request.

ORIGIN OF COMMODITY

This t-shirt originates in the United States. While the primary author is a citizen of the United Kingdom, living in England, other contributors to the work are citizens of the US living in the US. The publisher is a United States citizen living in the United States. The t-shirts are manufactured and printed in the United States.

The cryptographic algorithm implemented in this t-shirt comes from various sources, at various times, and was produced with both private and public sources of funding. The source code implementation contained in the t-shirt also comes from a variety of countries, including Australia, Canada, the United States and the United Kingdom. The algorithm is thought to be designed for private and commercial civilian use.

The t-shirt is currently publicly available from Joel Furr, at a list price of $12.36, including shipping and handling. More ordering information is available on the Internet World Wide Web at http://www.danger.com/ad-perl.html .
CURRENT USE

The t-shirt is intended as an implementation of the RSA cipher for those who wish to incorporate encryption into their communications. The small size of the implementation makes it particularly useful in contexts in which existing cryptographic infrastructure is not available.

Examples of the commercial use of the cipher implemented include integrity verification, authentication and confidentiality of electronic mail, computer software, voice, video and other information in digitized form. For example, the cipher is used either by itself for email privacy, and also as a component in other protocols that provide privacy and authentication, including PGP (Pretty Good Privacy), S/MIME (Secure Multipurpose Internet Mail Extensions), MOSS (MIME Object Security Services), PEM (Privacy Enhanced Mail), and SSL (Secure Sockets Layer).

The uses of this cipher have not changed significantly over time, although their popularity has grown substantially. Their present military utility is unknown, except that it is believed that the algorithm is not approved for the protection of US classified information.

SPECIAL CHARACTERISTICS

There are no military standards or specifications that this t-shirt is designed to meet. There are no special characteristics of the t-shirt, including no radiation-hardening, no ballistic protection, no hard points (the t-shirt is only available in soft 100% cotton), no TEMPEST capability, no thermal and no infrared signature reduction capability (in excess of that provided by a typical black cotton t-shirt), no surveillance, and no intelligence gathering capability. The t-shirt does not use image intensification tubes.

OTHER INFORMATION

I recommend that this t-shirt be determined to be in the jurisdiction of the Commerce Department. I believe that it qualifies for the general license GTDA for General Technical Data to All Destinations, because it qualifies as "publicly available".
ATTACHMENTS

I have enclosed two copies of the t-shirt, included with the primary filing of this CJ request.

Sincerely,
Raphael L. Levien
Hello Raph Levien <raph@CS.Berkeley.EDU>

You write:
> Here is a draft of the CJR I intend to file, for the perl-RSA t-shirt. ...
IANAL, and I know absolutely *nothing* about what a CJR should look like. ...
> ORIGIN OF COMMODITY
> ...
> The cryptographic algorithm implemented in this t-shirt comes from various sources, at various times, and was produced with both private and public sources of funding.
I don't think this is accurate: I guess this applies to the book which contains several algorithms. As far as I know, the RSA alg. comes from one source at one time. ...
> CURRENT USE
>
> The t-shirt is intended as an implementation of the RSA cipher for those who wish to incorporate encryption into their communications. The small size of the implementation makes it particularly useful in contexts in which existing cryptographic infrastructure is not available. ...
Perhaps somebody should make IDEA shorts? Then it would be interoperable with PGP...

(Would tooooo. You just have to remember what the header is.)

Hope that makes sense...

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
On Thu, 12 Oct 1995, Jiri Baum wrote:
> Perhaps somebody should make IDEA shorts?
> Then it would be interoperable with PGP... (Would tooooo. You just have to remember what the header is.)
You'd still need an MD5 necktie. (and your matching stealth sunglasses? When does this go too far? This ridiculous looking figure is begging for its own worlds chat avatar. Violate ITAR and good fashion in vr. Which begs the question, would anyone notice if First Cypherpunks Bank were operating in such a networked video game? Now *that* would be a non-bank financial institution. I can just see it in court: "your honor, the disclaimer clearly says it is all a game, the state's agents have simply suspended all disbelief". Talk about stego.)
Hello s1018954@aix2.uottawa.ca
> On Thu, 12 Oct 1995, Jiri Baum wrote:
> > Perhaps somebody should make IDEA shorts?
> > Then it would be interoperable with PGP... (Would tooooo. You just have to remember what the header is.)
> You'd still need an MD5 necktie.
Actually, you don't - you just don't get signatures without it. However, authentication AFAIK was never a problem to export, so there's no need to bother. If you are reading a signed message, you simply strip off the signature without checking it (or you leave it on and pass it through a hypothetical exportable auth-only PGP). For creating messages, you have to make do without signatures. What you *would* need would be a coin, but I guess this is generally available (you know, flip it a hundred times to generate the session key).
> (and your matching stealth sunglasses? When does this go too far? This ridiculous looking figure is begging for its own worlds chat avatar. Violate ITAR and good fashion in vr. Which begs the question, would anyone notice if First Cypherpunks Bank were operating in such a networked video game? Now *that* would be a non-bank financial institution. I can just see it in court: "your honor, the disclaimer clearly says it is all a game, the state's agents have simply suspended all disbelief". Talk about stego.)
Hmm, just like Monopoly money, I guess. Nobody's been busted yet for printing that, have they.

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)
On Thu, 12 Oct 1995, Jiri Baum wrote:
> If you are reading a signed message, you simply strip off the
Not a good choice of words - remember, you should never expose your private, er, key...

Simon

---
(defun modexpt (x y n) "computes (x^y) mod n"
  (cond ((= y 0) 1)
        ((= y 1) (mod x n))
        ((evenp y) (mod (expt (modexpt x (/ y 2) n) 2) n))
        (t (mod (* x (modexpt x (1- y) n)) n))))
On Thu, 12 Oct 1995, Jiri Baum wrote:
> > You'd still need an MD5 necktie.
> Actually, you don't - you just don't get signatures without it. However, authentication AFAIK was never a problem to export, so there's no need to bother.
True, but there's still a licencing requirement in the states (might be different up here). So an authentication necktie (as opposed to cryptographic shorts and shirts) would be on the principle that one should not need a licence to write software.
> Hmm, just like Monopoly money, I guess.
> Nobody's been busted yet for printing that, have they.

They don't care, too easy to counterfeit. Inflation through photocopying would make monopoly currency as worthless as the funny money it is now.
OTOH, if you threw in strong two-way anon digicash onto a networked version, you'd basically have a gambling setup masquerading as a MUD. See how long that would last unscathed? It would be a nice way to introduce the masses to the concepts though. Make the code available and you might see servers springing up faster than the present digicash casinos. And since any of the parties involved might be tempted to cheat ("upgrading" the server in the sysadmin's favor, ganging up ...) some authentication might be needed. Which means even more education for Joe Gambler. Since doing this for real money, even real digicash, is already illegal in many places, it would finally drive home the need for anon security and crypto to the eager gambler (of which there are many more than eager pgp users). If you make it look loony enough, the authorities might find it beneath them to do anything. Given any success you could launch some additional for-pay services based on the same platform. It's only a game, right?
participants (4)
- Jiri Baum
- Raph Levien
- s1018954@aix2.uottawa.ca
- Simon Spero