[2369] in cryptography@c2.net mail archive
Authentication export (was: Rivest's Wheat & Chaff)
daemon@ATHENA.MIT.EDU (Rick Smith)
Wed Mar 25 16:09:36 1998
In-Reply-To: <199803250025.BAA29723@basement.replay.com>
Date: Wed, 25 Mar 1998 10:31:59 -0600
To: cryptography@c2.net
From: Rick Smith <rsmith@securecomputing.com>
At 1:25 AM +0100 3/25/98, Anonymous wrote:
>Take a look at how the regs are actually worded. This is 5A002 of
>15 CFR 774, the Commerce Control List.
>: Note: 5A002 does not control:
>:
>: ... skipping some, we come to ...
>:
>: g. Data authentication equipment that calculates a Message
>: Authentication Code (MAC) or similar result to ensure no alteration of
>: text has taken place, or to authenticate users, but does not allow for
>: encryption of data, text or other media other than that needed for the
>: authentication;
I stand corrected. I also checked with our legal eagle here to verify the
practical interpretation. When we ship SafeWord authentication products to
overseas customers we indicate the appropriate export identifier (ECN) for
authentication software on the export documents, and off it goes. As they
said, no Commerce review, you just declare that the software is
authentication only.
Rick.
smith@securecomputing.com
