We need to do an audit of our "crypto", both current and planned. (fwd)

Vladimir Mencl, MK, susSED mencl at nenya.ms.mff.cuni.cz
Thu Jan 13 19:31:16 CET 2000



The American government is up to something strange again regarding the rules
for the export of encryption algorithms - this just went through on freebsd-security at freebsd.org


				Vlada Mencl


---------- Forwarded message ----------
From: Jordan K. Hubbard <jkh at zippy.cdrom.com>
To: markm at FreeBSD.ORG
Cc: security at FreeBSD.ORG
Date: Thu, 13 Jan 2000 09:23:55 -0800
Subject: We need to do an audit of our "crypto", both current and planned.

So that we can obey this clause of the new export agreement:

Encryption source code which is available to the public and which is
subject to an express agreement for the payment of a licensing fee or
royalty for commercial production or sale of any product developed
using the source code (such as "community source" code) may be
exported under a license exception to any end-user without a technical
review. At the time of export, the exporter must submit to the Bureau
of Export Administration a copy of the source code, or a written
notification of its Internet address. All other source code can be
exported after a technical review to any non-government
end-user. U.S. exporters may have to provide general information on
foreign products developed for commercial sale using commercial source
code, but foreign products developed using U.S.-origin source code or
toolkits do not require a technical review.

E.g. I need to submit a written notification containing the URL
pointing to just the crypto stuff we're going to do, including future
items like OpenSSH, IPSec, etc.  Once that's done, at least as I read
this agreement (and have at least 3 times :), we and any mirror site
in the U.S. containing the FreeBSD code should be in the clear.

I'm also sure that it's possible to read this agreement in such a way
that, with sufficient paranoia, one could conclude that nothing had
changed and it was all a plot by the space aliens to lend us a false
sense of security, but I'd rather not hear those arguments from people
right now, I just want to know what we should "declare" as part of
this process. :)

- Jordan

