[146539] in cryptography@c2.net mail archive


Re: [Cryptography] FIPS, NIST and ITAR questions

daemon@ATHENA.MIT.EDU (radix42@gmail.com)
Tue Sep 3 14:30:48 2013

X-Original-To: cryptography@metzdowd.com
To: "Alexander Klimov" <alserkli@inbox.ru>
From: radix42@gmail.com
Date: Tue, 3 Sep 2013 16:54:30 +0000
Cc: Cryptography Mailing List <cryptography@metzdowd.com>
Reply-To: radix42@gmail.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

--Alexander Klimov wrote:
>--David Mercer wrote:
>> 2) Is anyone aware of ITAR changes for SHA hashes in recent years 
>> that require more than the requisite notification email to NSA for 
>> download URL and authorship information? Figuring this one out last 
>> time around took looootttttttssssss of reading.

>I used to believe that hashing (unlike encryption) was not considered 
>arms.

>-- 
>Regards,
>ASK

It's a common misconception. ITAR doesn't require a license or permit for strong hash functions, but for US persons require(d?) notification of NSA of authorship, contact email and download URL(s), at least in 2006 it did. Often observed in the breach as it were, but some need to care more about the letter of the law than others. I'm mostly curious if that requirement has gotten more or less stringent.

Thanks, that NIST list looks like the one I need.

-David Mercer

David Mercer
Portland, OR

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
