[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MIT implementation sources?
>>>My reading of the latest Wasenaar (sp?) agreement is that authentication
>>>only systems are completely de-controlled. As such, unless you are in one
>>>of the 5 really bad guy countries, export/import is completely legal.
>>Hmm, are you sure that Wassenaar allows export of sources? If memory serves
>>correctly, only binary code is granted export if it meets the criteria.
>I've been working on the theory that source, being more like speech than
>object code, is certainly exportable if object code is. I didn't see
>anything in the Wassenaar agreement about source vs. object, but I could have
Like a lot of Wassenaar, what is and isn't controlled is whatever your
government says is or isn't controlled. In particular, source code can be
controlled even though the equivalent object code isn't controlled because
it's possible to take crippled or authentication-only source and turn it into
a non-crippled or crypto-capable program. I know that both the US and NZ
governments treat source as being more dangerous than object code, and often
won't allow source code to be exported even if the equivalent object code is
exportable. If the SPKI code contains RSA signature code for any key size,
it's almost certainly controlled, since it's trivial to turn it into
strong encryption code.