Re: The US Perspective (was Re: Is there any current maintainer...)

On Wed, 3 Dec 1997, subaccount of Daniel Melvin Smith wrote:

> I enjoy hacking, including crypto, but I can't participate in the
> way I'd like because of ITAR. :( This may be hampering the success
> of ipsec along with the fact that for people to really use it they
> need the public key stuff which for most of the world means Eric Young's
> library, but for us it means either buying licenses for rsaref from
> RSA, or using some alternative. I'd really like to see some work
> in an RSA alternative, which is why I implemented ElGamal for
> a local contract I am doing. The problem still exists with my
> ElGamal public key work, I can't share it with you guys because
> I might get hauled into court.
>
> So I guess what I just said is I'm frustrated because I want to
> help the project and there isn't really anything anyone can do
> about it until the US decides to kill ITAR.

I actually think this might not be completely true. As we have seen in many instances (eg. the work on scanning all the PGP 5.0 from paper copy of sources, Bruce Schneier's book without the disks), the ITAR regulations do not seem to apply to paper copy of source code for any cryptographical code.

Although I am not a lawyer and I do not know the US regulations in detail, my feeling is that if the US citizens want to participate on development of cryptographical software under the terms of the GNU license, they can simply print their code on paper, post it outside the US (with possibly getting some formal approval) and getting someone outside the US to scan/retype the code and post it to servers outside the US. In this way, users both outside and inside the US will be able to benefit from the code.

If we can find someone to investigate the legal impliacations, it might be even possible to fax code listings, which would be ideally suited for updates and patches.

Provided that someone would be able to check the legalese in the US, we would be able to volunteer to participate on the scanning, retyping and archiving the paper copies. We can also setup a server here in the Czech republic, where there is currently no law restricting export or import of cryptographical code or products and there does not seem to be any initiative to introduce one (unless there is some EU-wide regulation introduced).

For the scanning etc. we might be able to put some people part time or even full time as our contribution to the project, including hardware and network resources.

I would welcome comments from as many readers of this list as possible, especially from those who might bring some light into the legal aspects of this model.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Some references:

http://www.pgpi.com/ (The International PGP page, including the scanning project description) - was formerly at the Oslo university in Norway.

Foreword by Whitfield Diffie
to Bruce Schneier's Applied Cryptography, 2nd edition, J. Wiley & Sons, 1995, page xviii

Thanks and regards,

Petr

!Petr Novak                         Phone: +420 -2- 2424 5599      !
!Chairman & CEO                     Fax:   +420 -2- 2424 5533      !
!Internet servis, a.s.              E-mail: Petr.Novak@internet.cz !
!Zirovnicka 6                 NOTE: *On March 1st 1997 the country*!
!CZ-106 00 Praha 10           NOTE: *code for Czechia has changed *!
!Czech Republic               NOTE: *from +42 to +420 *************!
====================================================================