[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MIT implementation sources?

>>>My reading of the latest Wasenaar (sp?) agreement is that authentication
>>>only systems are completely de-controlled.  As such, unless you are in one
>>>of the 5 really bad guy countries, export/import is completely legal.
>>Hmm, are you sure that Wassenaar allows export of sources?  If memory serves
>>correctly, only binary code is granted export if it meets the criteria.
>I've been working on the theory that source, being more like speech than 
>object code, is certainly exportable if object code is.  I didn't see 
>anything in the Wassenaar agreement about source vs. object, but I could have 
>missed it.
Like a lot of Wassenaar, what is and isn't controlled is whatever your 
government says is or isn't controlled.  In particular, source code can be 
controlled even though the equivalent object code isn't controlled because 
it's possible to take crippled or authentication-only source and turn it into 
a non-crippled or crypto-capable program.  I know that both the US and NZ 
governments treat source as being more dangerous than object code, and often 
won't allow source code to be exported even if the equivalent object code is 
exportable.  If the SPKI code contains RSA signature code for any key size, 
it's almost certainly controlled, since it's trivial to turn it into 
strong encryption code.