[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Agenda for the Minneapolis meeting



Scott Fanning wrote:
> 
> If AES is a must, would export be an issue? I am not sure what the rules
> around AES is. ...

Nor am I, but there is some reason for optimism. 

>From the site of the Wassenaar secretariat, who administer the international
agreements on arms export control:

"Summary of changes effective Dec 1 2000"
http://www.wassenaar.org/list/Summary.html

" 5.A.2. Cryptography Note
" Cryptography Note d. has been deleted, as well as the related Validity Note

The current text on cryptography is note 3 at:
http://www.wassenaar.org/list/Cat%205P2%20-%2099.pdf

The deleted point d. was the restriction to 64-bit keylength for exportable
symmetric ciphers.

So, in terms of international agreements -- which are, I think, what the IETF
should base policy on -- there is absolutely no problem with export of AES.

Of course the US gov't may do something different. The Wassenaar agreement has
had a clause flatly saying public domain software was exempt from its controls
for years. The US gov't ignored that clause as long as they could, despite being
party to Wassenaar. They finally allowed export in their jan 2000 rule changes,
but required notification to BXA.

I've no idea whether or when the US will drop the 64-bit restriction. Perhaps
they'll ignore the international agreement and keep the restriction.

Methinks the IETF should, following RFC 1984, just go ahead and do the obviously
right thing -- make AES a MUST -- whatever stance the US gov't may choose.


References: