[560] in WWW Security List Archive
Re: use of RSA outside US (was Re: Netscape and 40 bit encry
daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Thu Mar 30 14:11:13 1995
To: www-security@ns2.rutgers.edu
cc: hallam@dxal18.cern.ch
In-reply-to: Your message of "Thu, 30 Mar 1995 09:04:10 EST."
<9502307965.AA796583183@CC.IMS.DISA.MIL>
Date: Thu, 30 Mar 1995 17:34:31 +1000
From: "Phillip M. Hallam-Baker" <hallam@dxal18.cern.ch>
Errors-To: owner-www-security@ns2.rutgers.edu
>> I thought the [RSA] algorithm was published.
<
> Well, I certainly hope it's published as I have firm memories of
> implementing it on a _pocket_calculator_ (an HP-16 can manipulate
Its very published indeed...!
>> In which case I write my own code, send it to someone in the US to test
>> against real code then use it for any commercial purpose I see fit.
> I'm not a lawyer (my parents are married), but I have to wonder if
> your "someone" (as he/she is supposedly the only one of you within
> the jurisdiction of US courts) could be charged with conspiracy to
> commit a felony, i.e., circumventing the US export control laws.
ITAR restricts export, not import. But it is not legal to export material
to test cryptographic equipment.
The basis for the ITAR restrictions in law is currently being challenged in
the Phil Zimmermann (PGP) case. Its far from certain that the regulations
are in fact legal.
Given that the US govt once tried to slap a national security order on a
foreign patent application for a cryptographic technique published in the
litterature its attempts to restrict export are not necessarily to be
taken at face value.
Question is whether you want to be involved in a harassment action?
We should have a write in day to tell the people in Congress.
Phill Hallam-Baker
