[1447] in WWW Security List Archive
Re: crypto export laws (fwd)
daemon@ATHENA.MIT.EDU (Ted Doty)
Thu Feb 8 15:31:30 1996
Date: Thu, 8 Feb 1996 11:38:45 -0500
From: Ted Doty <ted@kgbvax.network.com>
To: mark@anubis.network.com, hughes@anubis.network.com,
www-security@ns2.rutgers.edu
In-Reply-To: Mail from 'mark@anubis.network.com (Mark Bakke)'
dated: Wed, 7 Feb 1996 09:06:24 -0600 (CST)
Errors-To: owner-www-security@ns2.rutgers.edu
Prince, Cheryl <cprince@mfi.com> wrote:
>
> Can anyone give me the facts on the current cryptography export laws for
> internal corporate use? That is, if my company wants to communicate safely with
> our own branch offices abroad via WANs, can we use 128 bit encryption for that
> communication? Or are we restricted to 40 bit once the communication leaves the
> US (virtual) border?
If your company is US owned, you can export "strong" encryption (such as 128
bit IDEA) to your overseas subsidiaries. The U.S. State Department must
grant an export license for each device, and they will want to know the address
(i.e. street address) where the device is installed.
The ciphers that I know for a fact that they will allow you to send are 56
bit DES and 128 bit IDEA. I do not believe that they have ever granted a
license for export of 3DES.
If your company is not US owned (actually, US or Canadian), then you can only
get 56 bit DES is you are a financial institution. A license *might* be
approved for DES or IDEA for non-financial institutions, but this is unlikely
in the extreme.
You will want to check local laws - France and Russia in particular have very
strong laws regulating the use of encryption within their borders.
Please send any comments/questions directly to me, as I do not follow this
list.
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblence to
real opinions, living or dead, is purely coincidental.
