At 11:01 AM 10/10/96 -0600, Rollo Silver wrote:
I use PGP to communicate (presumably) strong-cryptoed messages to my stepson Ray Hirschfeld in Amsterdam, and vice versa. He uses an international version of PGP, and I use the domestic version that I got from MIT. They seem to be compatible.
They are.
I don't intend to submit my present or future private PGP keys for key escrow (Is that what's called GAK?).
GAK stands for Government Access to Keys. Key escrow is a term used in government circles to avoid that truth.
1. Does anyone think that legislation might be passed which would criminalize my communications with Ray?
Such communication was illegal during World War 2. Your belief in future government (in)action depends on your trust of the government.
2. Suppose someone writes a program Z that has no explicit crypto code in it, but has hooks for installing one or another version of PGP. Given a copy of Z, someone in this country could install PGP he got from MIT, whereas someone in Europe could install the international version. Would export of Z violate ITAR restrictions?
Yes

-------------------------------------------------------------------------
Bill Frantz       | "Cave softly, cave safely, | Periwinkle -- Consulting
(408)356-8506     | and cave with duct tape."  | 16345 Englewood Ave.
frantz@netcom.com | - Marianne Russo           | Los Gatos, CA 95032, USA

Bill Frantz <frantz@netcom.com> writes:
2. Suppose someone writes a program Z that has no explicit crypto code in it, but has hooks for installing one or another version of PGP. Given a copy of Z, someone in this country could install PGP he got from MIT, whereas someone in Europe could install the international version. Would export of Z violate ITAR restrictions?
Yes
I agree. However let me elaborate for Rollo: with ITAR there are at least three aspects:

- what ITAR says

  It says for instance that you can not _talk_ to a foreign national in the US about crypto, that you can not show them books, that you can not export books etc. We know this is not enforced (they tried it a few times and gave up). We know books are allowed to be exported, examples:

    Bruce Schneier's Applied Crypto (crypto source code, never mind technical descriptions, which ITAR says are illegal to export or disclose to foreigners "Disclosing (including oral or visual disclosure)"

    Phil Zimmermann/MIT's PGP source code and internals book, the full source code to PGP itself in an OCR font)

  They don't enforce books or discussions anymore because of the clear 1st amendment case against this behaviour.

- and what the NSA, and US government care to interpret ITAR as meaning today (they change to suit the case at hand, keeping their interpretation purposefully vague)

- what they care to enforce

  NCSA Mosaic had a PGP signature checking hook, they were told to take it out. Microsoft's CAPI arrangement is that they will not sign non-US CAPI compliant crypto modules (Examples of enforcement of no-hooks interpretation).

  emacs mailcrypt is exported from the US (Emacs RMAIL/GNUS interface to PGP - just plug in pgp263i or mit pgp262, an example of non-enforcement of no-hooks interpretation)

Adam
--
#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

participants (2): Adam Back, frantz@netcom.com