Mr. Gillogly wrote,

The reason I don't consider your Stunning Revelation an important news flash is that it's just one example of the many ways crypto is actually exported. For example, PGP 2.6 was overseas within hours of its release.

That was a single ITAR violation. This is thousands.

A more direct comparison is with DES: NIST has DES code available in soft copy in Appendix A of its publication fips181.txt, accessible in their public FTP directory with no warnings about export restrictions.

Huh? Who would want to export DES? That wont have any influence on people's politics. PGP is a hot topic. *It's* export is all that people think about.

The Cantwell stuff is extremely important for commercial products, but for private crypto (e.g. non-profit and non-infringing PGP implementations) it simply decriminalizes the existing vigorous export activity; rather like decriminalizing the use of marijuana.

The sumex case is like a huge year-long "smoke-in", the sort of thing that might lead to *legalization* of hemp, if the lay public were aware of it. "Private crypto" (PGP in all its guises) is becoming a standard, yet its future development has been and still is being severely crippled by ITAR worries among many who would otherwise be active core PGP developers. Cantwell, in my eyes, is about *PGP*. I'm all for commercial RSA, but unless I can send a friend a free copy of it, the hell with it. Also remember commercial crypto hardly ever comes with source code! Colin found a serious bug in PGP2.6 where one character was left out in the crypto code. I believe it was someone else who pointed this out to him. Had this happened with ViaCrypt PGP or "Microsoft Encrypt", would you expect it to be found? How can you *trust* a commercial crypto routine if the exact and compilable source code is not available? And if PGP does become a standard, why do you want to pay for it 8-) ? So you wont have to waste the time looking for backdoors in the source? P.S. Sorry for the multiple posting, but I figured the remailer I used was dead, since it was, for a day.