[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Export Control and SPKI
To help clarify the position on crypto export control, I quote here from a
document labeled "Export Administration Regulations" snipping all but the
thread relevant to crypto software, and indicating to me the allowance of
public key management for authentication and integrity.
The following articles are designated by the Office of Defense Trade
Controls, U.S. Department of State, as arms, ammunition, and implements
of war:
[snip]
Category XIII - Auxilliary Military Equipment
[snip]
(b) Information Security Systems and equipment, cryptographic devices,
software, and components specifically designed or modified therefore,
including:
(1) Cryptographic (including key management) systems, equipment,
assemblies, modules, integrated circuits, components or software
with the capability of maintaining secrecy or confidentiality of
information or information systems, EXCEPT cryptographic equipment
and software as follows:
[snip]
(vi) Limited to data authentication which calculates a Message
Authentication Code (MAC) or similar result to ensure no alteration
of text has taken place, or to authenticate users, but does not allow
for encryption of data, text or other media OTHER THAN THAT NEEDED
FOR THE AUTHENTICATION.
(the uppercase EXCEPT and OTHER THAN ... are my own emphasis.)
I hope this helps, but in retrospect, I guess we all need lawyers.
___TONY___
Tony Bartoletti LL
SPI Project Leader LL LL
Computer Security Technology Center LL LL LL
Lawrence Livermore National Lab LL LL LL
PO Box 808, L - 303 LL LL LLLLLLLL
Livermore, CA 94551-9900 LL LLLLLLLL
email: azb@llnl.gov phone: 510-422-3881 LLLLLLLL