[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 128Bit Encryption
On Wed, Sep 13, 2000 at 01:05:06PM -0400, mufti ahmed wrote:
> Does anyone know if 128Bit Encryption is allowed outside teh US yet?
Depends on the country (and not whether that country is the US).
128bit encryption is allowed in A LOT of countries and has been for
a LONG time. Some countries prohibit their citizens from posession
crypto (more on that below) but they are few, with one or two highly
notable examples.
Now... If perchance, you missworded your question and you were
really asking if it was allowed to export 128bit encryption software
from the US to other countries, then you have a different question.
Then the answer is a very strong "maybe".
Open source encryption software is pretty much fair game, as
long as BXA has been notified first. If it is downloaded off of web
sites or ftp sites, you don't even have to screen for T-7 (Terrorist 7)
countries. If you are shipping software overseas, you have to be a
little more diligent, but not much.
If it's closed source software, the rules are a lot more
complicated and some key length issues still exist. But I personally
would not trust closed source crypto, anyways, no matter what the key
length was.
> Are there any issues that ISPs hace to face whether it is or not? And
> does anyone know where i can get info on this if it is allowed? - (Rules
> & Regulations if any)?
If you are in the US and you are not shipping software, then no,
you really don't have to worry. If you are in the US and shipping open
source crypto software, then you only have a little bit to worry about.
If you are in the US and shipping closed source crypto, you have a lot
more to worry about (and the regs are just a part of the story).
People in other countries still have to worry about their own
country's regulations. France has opened things up a lot but use to
prohibit private use of crypto. Great Britian seems to be trying to
go in the opposite direction with several bills to force people to
reveal keys while prohibiting them from revealing that their keys have
been compromised.
Technically, Russia and China both prohibit strong cryptography,
but I just came back from two weeks in China as a member of the professional
delegation representing the Internet Society (ISOC) at the invite of the
Chinese Association for Science and Technology (CAST). What I saw there
amazed me. Government leaders are promoting the idea that security, and
privacy, and strong cryptography are necessary and good for the Internet
and for E-Commerce (both of which they want very much). At a meeting at
the Xi'an Institute of Post and Telecommunications, I met a professor
there who introduced himself to us as a cryptographer. I thought that
in China, that would be like introducing yourself as a pedophile. The
times they are a changing! Since then, I have heard from several of
my Russian colleages who tell me the same story about Russia. It is
technically, on the books, illegal to use strong crypto in Russia. In
fact, the Russians are encouraging the use of strong crypto.
> Thanks In Addvance
I'm not sure I answered your questions, but I'm not sure they can
be truely answered as they were put. Can you be more specific about what
you are worried about and what you are trying to do?
> Mufti Nayeem Ahmed
> Network Systems Engineer
> Market Data Networks
> Reuters America Inc
> (212-603-3595
--
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
References: