[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Export Control and SPKI

To help clarify the position on crypto export control, I quote here from a
document labeled "Export Administration Regulations" snipping all but the
thread relevant to crypto software, and indicating to me the allowance of
public key management for authentication and integrity.

  The following articles are designated by the Office of Defense Trade
  Controls, U.S. Department of State, as arms, ammunition, and implements
  of war:


  Category XIII - Auxilliary Military Equipment


    (b) Information Security Systems and equipment, cryptographic devices,
    software, and components specifically designed or modified therefore,

    (1)  Cryptographic (including key management) systems, equipment,
      assemblies, modules, integrated circuits, components or software
      with the capability of maintaining secrecy or confidentiality of
      information or information systems, EXCEPT cryptographic equipment
      and software as follows:


      (vi)  Limited to data authentication which calculates a Message
      Authentication Code (MAC) or similar result to ensure no alteration
      of text has taken place, or to authenticate users, but does not allow
      for encryption of data, text or other media OTHER THAN THAT NEEDED

(the uppercase EXCEPT and OTHER THAN ... are my own emphasis.)

I hope this helps, but in retrospect, I guess we all need lawyers.


Tony Bartoletti                                             LL
SPI Project Leader                                       LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL