We need to do an audit of our "crypto", both current and planned. (fwd)
Vladimir Mencl, MK, susSED
mencl at nenya.ms.mff.cuni.cz
Thu Jan 13 19:31:16 CET 2000
Americka vlada zase neco divnyho vyvadi ohledne pravidel pro export
sifrovavich algroritmu - tohle ted bezelo na freebsd-security at freebsd.org
Vlada Mencl
---------- Forwarded message ----------
From: Jordan K. Hubbard <jkh at zippy.cdrom.com>
To: markm at FreeBSD.ORG
Cc: security at FreeBSD.ORG
Date: Thu, 13 Jan 2000 09:23:55 -0800
Subject: We need to do an audit of our "crypto", both current and planned.
So that we can obey this clause of the new export agreement:
Encryption source code which is available to the public and which is
subject to an express agreement for the payment of a licensing fee or
royalty for commercial production or sale of any product developed
using the source code (such as "community source" code) may be
exported under a license exception to any end-user without a technical
review. At the time of export, the exporter must submit to the Bureau
of Export Administration a copy of the source code, or a written
notification of its Internet address. All other source code can be
exported after a technical review to any non-government
end-user. U.S. exporters may have to provide general information on
foreign products developed for commercial sale using commercial source
code, but foreign products developed using U.S.-origin source code or
toolkits do not require a technical review.
E.g. I need to submit a written notification containing the URL
pointing to just the crypto stuff we're going to do, including future
items like OpenSSH, IPSec, etc. Once that's done, at least as I read
this agreement (and have at least 3 times :), we and any mirror site
in the U.S. containing the FreeBSD code should be in the clear.
I'm also sure that it's possible to read this agreement in such a way
that, with sufficient paranoia, one could conclude that nothing had
changed and it was all a plot by the space aliens to lend us a false
sense of security, but I'd rather not hear those arguments from people
right now, I just want to know what we should "declare" as part of
this process. :)
- Jordan
To Unsubscribe: send mail to majordomo at FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
More information about the Users-l
mailing list