Gilmore Publishes Strong Crypto Code Online for Authentication
John Gilmore
gnu at toad.com
Tue Dec 23 12:52:59 PST 1997
[This announcement does not relate directly to the Bernstein case,
but I felt the overlap of interest would be very strong. -- John]
Strong Crypto Code Published Online for Authentication
San Francisco, December 23, 1997 - Civil libertarian John Gilmore
today published strong authentication source code on the Internet,
making it available for worldwide access, despite U.S. National
Security Agency attempts to restrict such software. He is publishing
Domain Name System Security software that contains a complete copy of
RSAREF, well-known cryptography software that is a predecessor to the
DNSsafe software released in October by RSA Data Security, Inc.
Mr Gilmore explains, "Internet publication of cryptography software is
considered an export by the US Government, and often requires
government permission under the Export Administration Regulations
(EAR). But those regulations specifically exempt programs which
merely prove that information is authentic (authentication), rather
than hiding the information (privacy)."
The export regulations were amended in 1989 to exclude authentication
software. Since that time, however, the National Security Agency has
been telling people privately that the exclusion only applies to
ready-to-run "binary" programs. They have reportedly claimed that the
regulations still require government permission to export the
human-readable "source code" of authentication programs. The plain
text of the regulations makes no such distinction, though; all
authentication programs are exempt.
Readers can obtain the software from Mr. Gilmore's web site for Domain
Name System Security, at http://www.toad.com/~dnssec or at
http://www.flash.net/~dnssec. Future releases will be available from
the Internet Software Consortium, http://www.isc.org/bind.html.
The Electronic Frontier Foundation, which Mr. Gilmore co-founded, is
sponsoring a lawsuit to have the entire cryptography software export
control regime overturned. In the three-year suit, Bernstein v. State,
Judge Marilyn Hall Patel has invalidated export controls administered by
both the State Department and the Commerce Department. She ruled they
are an unconstitutional prior restraint against our First Amendment
right to speak and publish about cryptography. The case is now in the
Ninth Circuit Court of Appeals.
Domain Name System Security: http://www.toad.com/~dnssec
or http://www.flash.net/~dnssec
Internet Software Consortium: http://www.isc.org
RSA Data Security: http://www.rsa.com
Electronic Frontier Foundation: http://www.eff.org
Press Contacts:
John Gilmore, Founding Board Member, EFF
+1 415 221 6524, gnu at toad.com
Shari Steele, Staff Attorney, Electronic Frontier Foundation
+1 301 375 8856, ssteele at eff.org
More press background is available at:
http://www.toad.com/~dnssec/pressrel1.background.txt
More information about the cypherpunks-legacy
mailing list