[cryptography] Interesting Webcrypto question

Adam Back adam at cypherspace.org
Sun Mar 3 16:41:59 EST 2013


Unless you're selling SSL MITM boxes to tyrants & dictators, then of course
it's alright ;) Well maybe they'll turn a blind eye if the West is propping
up that particular tyrant until they flip flop.

Anyway wasn't all that US export of crypto code nonsense tidied up a decade
or so ago?  PRZ did not go to jail, and neither will you?  Isn't it at this
stage more that you optionally notify BIS via email as a courtesy rather than
ask for permission?

Don't tell me you still think you need permission to export RSA in perl to
non-embargoed entities:

#!/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)

Adam

On Sun, Mar 03, 2013 at 04:12:45PM -0500, Jeffrey Walton wrote:
>On Sun, Mar 3, 2013 at 3:18 PM, Arshad Noor <arshad.noor at strongauth.com> wrote:
>> On 03/03/2013 11:34 AM, Paul Hoffman wrote:
>>>>
>>>> You've now exported crypto to a restricted country.  What happens next?
>>>
>>>
>>> You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
>>>
>>
>> +1
>>
>> As someone who personally reviewed hundreds of pages of EAR rules,
>> applied for and received License Exceptions for the export
>Have you spoken to Anita? She is very helpful :)
>
>> key-management and PKI appliances, I would conjecture that crypto
>> in JavaScript would violate US export laws.
>Key management may or may not be covered by export controls. It
>depends on whether you are using encryption.
>
>You can perform key agreement (Diffie-Hellman) and not require an
>export license. But if you key a block cipher with the shared secret,
>you will need a license.
>
>If you are doing key transport (RSA), then you would need a license.
>EAP-PSK, with its underlying block cipher, also requires a license.
>
>Authentication does not require a license.
>
>> Companies/Individuals
>> that create crypto are restricted from shipping/selling it to
>> people even in the USA if they appear on the Denied Persons List:
>>
>> http://www.bis.doc.gov/dpl/default.shtm
>I believe you can ship to banned countries/individuals, but you need a
>license that is administered by both Department of Commerce and State
>Department. Cookie cutter licenses to get approved for the App Store
>usually don't fall under joint jurisdiction.
>
>Jeff
>_______________________________________________
>cryptography mailing list
>cryptography at randombit.net
>http://lists.randombit.net/mailman/listinfo/cryptography


