
Re: NIST involvement in PKI

At 08:36 AM 8/7/96 +1000, George Michaelson wrote:
>  We have people implementing code to the current draft and at least one set
>  of that code will be made available on the net for people to read and use.
>  We have two companies and one individual with plans to use SPKI certificates
>  ASAP.
>Do you have a non-US source of code, i.e. a legitimate externally written
>instance, not a black copy of ITAR export restricted source code?
>I hate nominating people without their consent, but if you were looking
>for a plausible candidate, the EAY of SSLEAY has to be pre-eminent right
>now in sourcing crypto code used in the global internet...
>I apologise if I misunderstand PKI and there are no export issues here.


        Thank you for raising this issue.

        I need to check with folks down the road at NSA.  The last time I
talked with them, crypto for authentication (which is what SPKI is for) is
freely exportable and we don't even need to bring it to the attention of the
Commerce Dept, much less State Dept (= NSA).  However, that applies to
executables only.  That would leave us in the unfortunate position of having
to compile versions of these tools for each possible platform and OS -- make
libraries in different formats -- ugh!!!!

        What I need to find out is whether NSA would applaud the export of
source code for authentication-only applications without the crypto
routines.  I believe they would, but I don't know what kind of approval
process there is.

        Meanwhile, I think you are correct that it would be good to have a
non-US source of this give-away crypto code.  Then the only issue would be
patents and which crypto package the code interfaces to -- RSAREF vs. the
non-US version of RSAREF -- or BSAFE for existing RSADSI customers (like us).

        If you can ask someone associated with SSLEAY to consider this (or
point me at someone), I'd appreciate it.

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |