[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: US Crypto policy shift.
On Wed, 12 Jan 2000, David Terrell wrote:
> An excerpt:
> Global Exports of Unrestricted Encryption Source Code
> Encryption source code which is available to the public and which
> is not subject to an express agreement for the payment of a licensing
> fee or royalty for commercial production or sale of any product
> developed with the source code may be exported under a license
> exception without a technical review. The exporter must submit to
> the Bureau of Export Administration a copy of the source code, or
> a written notification of its Internet location, by the time of
> export. Foreign products made with the unrestricted source code do
> not require review and classification by the U.S. Government for
> reexport. This license exception should apply to exports of most
> "open source" software.
> This should mean the end of "you can't download OpenBSD from US servers
> if you're not in the US" at least. And it looks like it's perfectly
> legal for US residents to publish crypto code freely, as long as we
> tell someone about it.
> I wonder if there's an email box somewhere we can Cc: patches to, for
> formality's sake.
You only need inform (in writing) the US BXA of the location of download
(i.e. an URL) by the time of export. So sending one letter saying,
http://www.usa1.openbsd.org/ contains cryptographic software freely
redistributed with its source code, then that site can export crypto.
Of course it isn't clear that whether the letter, in writing - suggests a
physically piece of paper, must arrive at BXA before the can open the site
or can the site open when the letter is sent. :)
In the end, it means Niels doesn't have to go to Windsor, ON,
Canada to write code. He can inform BXA of a US based Internet server
(cvs, ftp, or http) where his cryptographic source code can be obtained.
This does not change FreeSWAN too much, it has been developed largely in
(Ont) Canada, although it means that the next distribution releases of
Linux can also include FreeSWAN in the basic package. So we are going to
see an increase in demand for IPSec, which is a good thing.
This looks like a major change, OpenBSD does not have to be quite so
Canada-centric, and we can hopefully expect an increase of strong
cryptography enhancements from US programmers.