Pegasus Mail

Rich Salz rsalz at osf.org
Mon Nov 13 04:42:41 PST 1995


I sure hope some tells David Harris that his program is now export
controlled.  From my reading of his message, it seemed like he thinks he
"beat the system" because he didn't include actual crypto code.

Software that says "plug your own crypto here" is considered an anciliarry
device according to the ITAR.  Or, as I heard some NSA people call it,
"the classic 'crypto with a hole'."  Seems kinda silly that the hole is
the crypto, but hey that anciliiary device clause, you just gotta love
it.

If Pegasus mail were written to support generic user-loadable content
transforms, that would be different.  But even then, you have to be careful
how that's done.  If just did some global search-and-replace and came up
with "keyed compression" you wouldn't get past anyone.  But if you had an
opaque state block that the user modules could set/use/clear, and you
passed that along with your in/out buffers, then you'd be safe.  Of course,
they'd know what is really going on, but are powerless to prevent it.
	/r$






More information about the cypherpunks-legacy mailing list