On Thu, 31 Oct 1996, Jim Nance wrote:
> Forwarded message:
> > >Export of _any_ encryption algorithm (not just DES) from the US to
> > >anywhere (except Canada?) is illegal without the proper permits.
> > Are you sure about this? I always understood it to be export of
> > encryption technology based on keys greater than a given length
> > (currently 40 bits? 56 bits?) that was illegal. Export of anything
> > less than this key length is allowed.
> The original poster is right. You can not export ANY encryption software
> from the US without permission from the government. The 40 bit key is a
> rule of thumb for something to do which will probably allow you to get
> approval for export.
Yep, according to what I can find the good ol' government can refuse to
allow the export of any product using cryptography if it so desires.
The 40 bit (soon to be 56, I believe) limit usually just assures the
producer the government won't bother wasting its time on something it
could crack with less man time.
Oh, and on another point...I believe it is illegal to import only public-
key algorithms for US citizens. The PKP (Public Key Partners) hold a
patent until some time early next century on these. For instance, when
I downloaded SSLeay, I had to go through contortions to make it use
RSA's sslref library instead of Eric's own implementation.
Unix Systems Administrator
Daniel Webster College
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----