[6191] in cryptography@c2.net mail archive
Re: Export control of Java VM ??
daemon@ATHENA.MIT.EDU (Ian Goldberg)
Thu Dec 2 17:05:45 1999
To: cryptography@c2.net
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: 2 Dec 1999 21:57:33 GMT
Message-ID: <826q0d$upf$1@abraham.cs.berkeley.edu>
In article <199912021448.JAA11405@ibis.lcs.mit.edu>,
Ron Rivest <rivest@theory.lcs.mit.edu> wrote:
>If no per-key approval is needed, then I don't see why one can't
>distribute code that embodies a fixed transformation procedure, since
>this is really a "key" rather than a "program". That is, the
>distributed specifies a single transformation out of a large universe
>of possible transformations. Thus, a routine that computes:
>
> y = AES(M,k0)
>
>for transforming a message according to some fixed 256-bit AES key k0
>is really more like a key (it is k0 in another representation) than it
>is like a general-purpose encryption routine. Of course, it may (or
>may not) be easy to modify such distributed code to handle arbitrary
>keys (;-))
This *is* in fact the case. EAR 774 - Commerce Control List Section 5,
section 5A002, specifically _excludes_:
# b. Equipment containing ``fixed'' data compression or coding techniques;
So a program which computed y = AES(M,k_fixed) *is* exportable without a
licence. But probably not in source form... :-)
- Ian
