[147009] in cryptography@c2.net mail archive
[Cryptography] Laws and cryptography
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Gr=E9gory_Alvarez?=)
Wed Sep 11 13:03:47 2013
X-Original-To: cryptography@metzdowd.com
From: =?iso-8859-1?Q?Gr=E9gory_Alvarez?= <gregory@alvarez-garcia.com>
Date: Wed, 11 Sep 2013 10:58:58 +0200
To: cryptography@metzdowd.com
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com
--===============2423514303678891600==
Content-Type: multipart/alternative; boundary="Apple-Mail=_6A3D46EC-7CAB-4F5D-B9DE-C57F3EDEFCF1"
--Apple-Mail=_6A3D46EC-7CAB-4F5D-B9DE-C57F3EDEFCF1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
Hello,
Over the past year I was in contact with different cryptographers (I was =
designing a new symmetric algorithm) and they all told me in order to =
publish it no governmental authorization was needed. They also told me =
that they publish paper all the time without having an authorization.
However there is the Wassenaar Arrangement between US, Europe and other =
countries that regulate the export and use of cryptography =
(http://www.wassenaar.org/introduction/index.html).
The Article 3 of the chapter 2 of the european law says : An =
authorisation shall be required for the export of the dual-use items =
listed in Annex I =
(http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=3DOJ:L:2009:134:000=
1:0269:en:PDF).
What they consider dual-use items is A =E2=80=B2=E2=80=B2symmetric =
algorithm=E2=80=B2=E2=80=B2 employing a key length in excess of 56 bits =
(http://www.wassenaar.org/controllists/2012/WA-LIST%20%2812%29%201/08%20-%=
20WA-LIST%20%2812%29%201%20-%20Cat%205P2.doc).
The department of the ministry of defense that handle this regulation =
can't answer if publishing a cryptographic algorithm needs an =
authorization. However the Wassenaar Arrangement clearly says that =
material, software and technology need an authorization to be exported / =
published.
What is actually the status of the law about cryptography and publishing =
new algorithms ? Is the cryptographer that publish a paper without =
governmental authorization an outlaw ?=
--Apple-Mail=_6A3D46EC-7CAB-4F5D-B9DE-C57F3EDEFCF1
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=utf-8
<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; =
-webkit-nbsp-mode: space; -webkit-line-break: after-white-space; =
">Hello,<div><br></div><div>Over the past year I was in contact with =
different cryptographers (I was designing a new symmetric algorithm) and =
they all told me in order to publish it no governmental authorization =
was needed. They also told me that they publish paper all the time =
without having an authorization.</div><div><br></div><div>However there =
is the Wassenaar Arrangement between US, Europe and other countries that =
regulate the export and use of cryptography (<a =
href=3D"http://www.wassenaar.org/introduction/index.html">http://www.wasse=
naar.org/introduction/index.html</a>).</div><div><br></div><div>The =
Article 3 of the chapter 2 of the european law says : <i>An =
authorisation shall be required for the export of the dual-use =
items listed in Annex I </i>(<a =
href=3D"http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=3DOJ:L:2009:=
134:0001:0269:en:PDF">http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?ur=
i=3DOJ:L:2009:134:0001:0269:en:PDF</a>).</div><div><br></div><div>What =
they consider dual-use items is <i>A =E2=80=B2=E2=80=B2symmetric =
algorithm=E2=80=B2=E2=80=B2 employing a key length in excess of 56 =
bits</i> (<a =
href=3D"http://www.wassenaar.org/controllists/2012/WA-LIST%20%2812%29%201/=
08%20-%20WA-LIST%20%2812%29%201%20-%20Cat%205P2.doc">http://www.wassenaar.=
org/controllists/2012/WA-LIST%20%2812%29%201/08%20-%20WA-LIST%20%2812%29%2=
01%20-%20Cat%205P2.doc</a>).</div><div><br></div><div>The department of =
the ministry of defense that handle this regulation can't =
answer if publishing a cryptographic algorithm needs an authorization. =
However the Wassenaar Arrangement clearly says that material, software =
and technology need an authorization to be exported / =
published.</div><div><br></div><div>What is actually the status of the =
law about cryptography and publishing new algorithms ? Is the =
cryptographer that publish a paper without governmental authorization an =
outlaw ?</div></body></html>=
--Apple-Mail=_6A3D46EC-7CAB-4F5D-B9DE-C57F3EDEFCF1--
--===============2423514303678891600==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
--===============2423514303678891600==--
