People have been reading the list for a while will be familiar with this piece of perl code used as a non-exportable, supposedly ITAR controlled .sig: #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa 2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*',$_)while read(STDIN,$m,($w=2*$d-1+length($n)&~1)/2) which is an implementation of RSA encryption in perl optimised for size. A lot of list bandwidth a while back was consumed with discussion of the T-shirt versions of this .sig. More info on the .sig, and T-shirt at: .sig: http://www.dcs.ex.ac.uk/~aba/rsa/ t-shirts: http://www.obscura.com/~shirt/ Update wrt the idea of using the .sig for a tattoo: Richard White <maldoror@pacificnet.net> had his wife (who is a tattoo artist) put a tatto of this code on his forearm. Gif of the Richard's tattoo now available here: http://www.dcs.ex.ac.uk/~aba/rsa/tattoo.html This means that he may, technically, qualify as a munitions on the USML, and as a result not be allowed to show the tattoo to a foreign national in the US, nor leave the US. Note it says _technically_ above, as there was much discussion on the list re the shirts as to whether the shirt actually would ever be classified as a munition due to the impracticality of using a shirt as a distribution media, and silliness factor. We shall see wrt the shirt when and if Raph recieves a determination from his CJR for the shirt. (I would note that someone posted a while ago that they did manage to get the barcode to scan, on I think one of Joel Furr's shirts). Also the secondary claim about whether or not ITAR stipulates that a software item can be shown to a foreign national in the US seems open to debate (some say ITAR strictly interpreted does say this, others say not). Also something about the anti-ITAR fight recently which was an eye opener for me was that I took a look at Phil Karn's export page to do with his ongoing battle against ITAR as applied to crypto, with the Applied Crypto disk/book case: http://www.qualcomm.com/people/pkarn/export/ In his court transcripts there is a declaration by Phil Zimmermann in connection with the Applied Crypto case, however he (PRZ) also mentions the unofficial progress on his PGP source code book published by MIT press. PRZs declaration from bottom of: http://www.qualcomm.com/people/pkarn/export/zimm.html

10. I believe that the commodity jurisdiction request referred on page 28 of the Justice filing is the one which was filed by MIT Press for my book, PGP: Source Code and Internals. I am further informally advised that the National Security Agency has considered the Request and recommended that the book be controlled for export under the ITAR and that the Department of Commerce has recommended that it not be subject to ITAR controls.

Wow! If this informal info is confirmed as the NSAs determination, it will have interesting ramifications for the distinction between paper based publications and electronic. It will also reinforce Phil Karn's use of the charge of "arbitrary, [and] capricious" enforcement on the part of the NSA/ODTC, as the CJR for Applied Crypto in print form was successful. Adam