home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Ian & Stuart's Australian Mac: Not for Sale
/
Another.not.for.sale (Australia).iso
/
hold me in your arms
/
crypto.export.controls
/
README
< prev
Wrap
Text File
|
1994-09-12
|
8KB
|
145 lines
Cryptography Export Control Archives
This page indexes various export related items in Cygnus's public FTP
site and in other FTP sites around the country. This README is derived
from the WorldWideWeb page by hand-editing; the web page in export.html
is probably more up to date.
-rw-rw-r-- 1 gnu 7601 Jun 10 11:23 export.html
State Department export guidance
The State Department controls most cryptography exports.
International Traffic in Arms Regulations (ITAR)
This document contains the full set of export regulations from the
State Department. Cryptography is heavily controlled under these
regulations, as if it was a weapon like a tank. Search in it for words
like "crypto", "technical data", "software", and "public domain". This
document is about 380K.
-rw-rw-r-- 1 gnu 376439 May 3 14:58 itar.in.full
Writing your own Commodity Jurisdiction Requests
This handy kit will help you to write your own CJ requests and
shepherd them through the bureacracy. It was collected and brought
online by Lee Tien, tien@toad.com, lawyer for John Gilmore.
-r-xr-xr-x 2 gnu 18644 Jan 14 07:47 cjr.kit
Commerce Department export guidance
These documents related to general Commerce Department rules about
exports. They are not specific to cryptography, which is also controlled by
the State Department. When the State Department has released jurisdiction
of a particular cryptography-related export to the Commerce Department,
then these rules take effect.
General License GTDA regulations, including FAQ
This document contains the licensing regulations for General
Technical Data exportable to All destinations (GTDA). It is followed by
a question-and-answer guide written by the Commerce Department
to help explain their often confusing regulations. The management of
the BITNET obtained these documents in electronic form and made
them available to the net.
-rwxrwxr-x 1 gnu 43474 Feb 2 23:24 commerce.gtda.license.faq
Export aspects of international networks
This letter from Bill Clements, Director of the Office of Technology
and Policy Analysis, Commerce Department, to the BITNET
management explains their obligations and their members' obligations
under the export laws, regarding exports of technical data and/or
software over an international network.
-rwxrwxr-x 1 gnu 16274 Feb 2 23:27 commerce.legal.network
Legal opinion
This letter from BITNET's lawyers explains a few more issues that
were not clearly addressed in the above letter.
-rwxrwxr-x 1 gnu 8665 Feb 2 23:29 commerce.legal.opinion
Specific Commodity Jurisdiction Requests
These are formal requests sent to the U.S. State Department to ask what
rules need to be followed before a product can be exported from the United
States.
Applied Cryptography -- the book
An excellent textbook by Bruce Schneier. It contains descriptions of
scores of cryptographic algorithms, including `C' source code for
about a dozen. Phil Karn filed this CJR. You would think that under
the First Amendment, there would be no law prohibiting the freedom
to publish this book...and, indeed, the State Department affirms in its
response that it does not control export of this book.
-rwxrwxr-x 1 gnu 60338 Feb 16 18:48 applied-cryptography-cjr
-rwxrwxr-x 1 gnu 1417 Mar 8 16:11 applied-cryptography-cjresponse
Applied Cryptography -- the floppy
This floppy disk, available from Bruce Schneier, contains the exact
same `C' source code that was printed in the book. You would think
that under the First Amendment, there would be no law prohibiting
the freedom to publish this floppy...but the State Department
disagrees. Phil Karn filed this CJR on March 8, 1994, as soon as he
got the response to the first one, but the State Department tarried
long beyond their 15-working-day limit for telling Phil whether he
can export this floppy or not. Phil sent in a further request that they
answer him on April 19, 1994. He also kept calling them, and Alan
Suchinsky of the Office of Defense Trade Controls returned his call on
May 10th, saying that the response had been rewritten twice but was
going to be finalized that week. The formal response arrived on May
11, determining that ``The text files on the subject disk are not an
exact representation of what is found in "Applied Cryptography." Each
source code listing has been partitioned into its own file and has the
capability of being easily compiled into an executable subroutine.'' As
a result, ``This article is designated as a defense article under category
XIII(b)(1) of the United States Munitions List.'' Phil filed an appeal on
June 9, 1994, challenging both the details of the distinction between
the paper and floppy copies, and the Constitutionality of restricting
the export of the floppy version.
-rwxrwxr-x 1 gnu 8381 Mar 15 14:19 applied-floppy-cjr
-rwxrwxr-x 1 gnu 1698 Apr 19 15:10 applied-floppy-cjr-request
-rw-rw-r-- 1 gnu 709 May 10 17:20 applied-floppy-cjr-suchinsky
-rw-rw-r-- 1 gnu 2379 May 11 15:52 applied-floppy-cjresponse
-rw-rw-r-- 1 gnu 11531 Jun 10 11:29 applied-floppy-appeal
Kerberos software without the cryptography
This is a stripped-down version of the MIT Kerberos network security
software, with all the cryptographic code removed, and all the calls to
cryptographic code removed. It's called the "bones" of Kerberos. MIT
did this to produce a version that was likely to be exportable. Indeed,
when Cygnus asked, the State Department confirmed that it is not
controlled by State. We then sent a formal request to the Commerce
Department to see whether it was exportable according to their rules.
They replied, but did not rule on whether we could use the GTDA
export license, which permits exports to all countries without any
paperwork. We sent in a second request and eventually the Commerce
Department replied that indeed, because ``the software is available to
the public without charge over the Internet, it is eligible for export
under General License GTDA''. They still haven't told us whether and
how we need to file a ``Shipper's Export Declaration'' when someone
FTP's this software from us.
-rwxrwxr-x 1 gnu 8109 Feb 2 23:03 kerberos-bones-cjr
-rwxrwxr-x 1 gnu 1175 Feb 2 22:59 kerberos-bones-cjresponse
-rwxrwxr-x 1 gnu 14068 Mar 10 14:50 kerberos-bones.commerce.req
-rw-rw-r-- 1 gnu 5844 Apr 20 12:15 kerberos-bones.commerce.req.ans
-rwxrwxr-- 1 gnu 5434 Mar 21 13:15 kerberos-bones.commerce.2nd
-rw-rw-r-- 1 gnu 6039 Jun 1 13:22 kerberos-bones.commerce.2nd.ans
EFF Crypto Export (ITAR, Cantwell, etc.) Doc. Archive
The Electronic Frontier Foundation maintains an archive of Crypto Export
related documents centered around Rep. Maria Cantwell's bill to legalize
export of mass market cryptographic software.
http://www.eff.org/pub/EFF/Policy/Crypto/ITAR_export/
ftp://ftp.eff.org/pub/EFF/Policy/Crypto/ITAR_export/
EFF Action Alerts
The Electronic Frontier Foundation's list of current hot topics, some of
which are likely to include crypto export.
http://www.eff.org/alerts.html
gnu@cygnus.com, gnu@toad.com, gnu@eff.org