CDR: Can we kill the 64-bit nonsense this year?

Sandy Harris sandy at storm.ca
Wed Sep 27 11:13:28 PDT 2000


I've already posted this to cryto-canada at greatvideo.com, but it seems to me
wider distribution might be appropriate.

From the Canadian gov't Dep't of Foreign Affairs and International Trade
(DFAIT) site:

http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm

> ... the Wassenaar Arrangement Participating States reached a consensus
> decision on export control revisions for cryptographic goods and
> technologies at a meeting in Vienna on 03 December 1998.
>
> 12. The Wassenaar Arrangement Participating States agreed to ...
> ... a Cryptography Note applicable to both hardware and software goods
> that meet all of the following:
>
>    (a) generally available to the public by being sold, ...
>    (b) the cryptographic functionality cannot easily be changed by the user;
>    (c) designed for installation by the user ...
>    (d) does not contain a symmetric algorithm employing a key length
>         exceeding 64 bits; and
>    (e) when necessary, details of the items are accessible ... to the
>         appropriate authority ... to ascertain compliance with ...
>         a. to d. above.
>
> 13. In addition to the technical changes, the Wassenaar Arrangement
> Participating States agreed that the controls on Mass Market goods as
> defined in sub-paragraph 12 (d) above will remain in effect for two years
> and that the renewal of such controls for a successive period will require
> the unanimous consent of the Wassenaar Arrangement Participating States.

My reading of that is that the current 64-bit limit for freely exportable
commercial software dies at the end of this year if any Wassenaar country
acts sensibly and votes to kill it.

Of course, there will be pressure from the US and perhaps some others to
act stupidly and maintain the 64-bit limit or replace it with some larger
but still insecure limit.

What can we do to ensure that unanimous consent to this does not occur?

It should be rather difficult to get unanimous consent to anything from
a group of 35, and maintaining the limit is clearly a remarkably dumb
thing to do, so the odds may be with us here. Still, I'd feel better if
I knew of a dozen or so countries publicly committed to withholding
that consent.




