New export controls to include code signing applications

Adam Shostack adam at homeport.org
Wed Dec 11 19:23:40 PST 1996


These are important, and damaging changes to the regulations.  My
thanks to Lucky for pointing them out.

Previously, authentication technologies, signatures and integrity
checkers had specific exemptions.

I suggest those journalists who lurk here call companies like Digital
Pathways, McAffee, Symantec, and see if they are aware of these
proposed changes.  

Adam


Lucky Green wrote:
| It has been speculated in the past that certain crypto schemes, such as
| proposed by Microsoft and Sun, using signed crypto plugins might be helpful
| to the cause for strong crypto if non-US branches of US software companies
| would certify foreign developed crypto software.
| 
| According to the recent proposal by Commerce, this will not happen. It will
| be illegal to export the software required to sign the code. So much for
| the government's claim that they make no attempt to limit the export of
| signing-only software.
| 
| >From http://www.steptoe.com/commerce.htm
| 
| [Listing specific software prohibited from export]
| "c.2. "Software" to certify "software" controlled by 5D002.c.1; "
| 
| And, btw, virus checkers are also prohibited from export. Makes you wonder.
| 
| "c.3. "Software" designed or modified to protect against malicious computer
| damage, e.g., viruses;"
| 
| 
| -- Lucky Green <mailto:shamrock at netcom.com> PGP encrypted mail preferred
|    Make your mark in the history of mathematics. Use the spare cycles of
|    your PC/PPC/UNIX box to help find a new prime.
|    http://ourworld.compuserve.com/homepages/justforfun/prime.htm
| 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume








More information about the cypherpunks-legacy mailing list