Re: NIST involvement in PKI

[Rich Salz <rsalz@osf.org>]

>        I need to check with folks down the road at NSA.  The last time I
>talked with them, crypto for authentication (which is what SPKI is for) is
>freely exportable and we don't even need to bring it to the attention of the
>Commerce Dept, much less State Dept (= NSA).

No, you must apply for a CJR -- Commerce Jurisdiction Ruling -- from
state/NSA.

>        What I need to find out is whether NSA would applaud the export of
>source code for authentication-only applications without the crypto
>routines.  I believe they would, but I don't know what kind of approval
>process there is.

Based on my experiences at/with OSF, as long as you don't distribute the
actual crypto, and as long as you write the code such that it can't easily
be turned into a general encryption engine for user-level data, you can
get export.  But the NSA is very uneasy about source-code; they much
prefer hardware or executables that are less easily modified.

You might find it helpful to look at
	http://www.osf.org/~rsalz/crypto-export.html

---

Follow-Ups:

• Re: NIST involvement in PKI
• From: George Michaelson <ggm@connect.com.au>

---

• Prev by Date: Re: NIST involvement in PKI
• Next by Date: Re: NIST involvement in PKI
• Prev by thread: Re: NIST involvement in PKI
• Next by thread: Re: NIST involvement in PKI
• Index(es):
  • Main
  • Thread