[3917] in cryptography@c2.net mail archive
Canadian Export Controls on Crypto from DFAIT (fwd)
daemon@ATHENA.MIT.EDU (M Taylor)
Thu Jan 7 13:36:15 1999
Date: Thu, 7 Jan 1999 13:44:41 -0400 (AST)
From: M Taylor <mctaylor@privacy.nb.ca>
To: cryptography@c2.net
---------- Forwarded message ----------
Sender: owner-cypherpunks@einstein.ssz.com
Subject: Canadian Export Controls on Crypto from DFAIT
Date: Wed, 6 Jan 1999 20:11:28 -0400 (AST)
To: efc-talk@efc.ca
From: M Taylor <mctaylor@privacy.nb.ca>
<http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm>
Export Controls on Cryptographic Goods SER-113
<http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-f.htm>
Contrôles ŕ l'exportation sur les produits de cryptographie
I found this recently, published Jan 5 1999 by the Department of Foreign
Affairs and International Trade (DFAIT). Most of it was expected, most of
it is good. The only confusion, which I'd like to see cleared up, is in
regards to the changes to Mass-Market Software. At first it seems a step
backwards; 64bit symmetric, 512bit RSA, 512bit DH over Z/pZ, 112bit DH
over elliptic curve, but there is either a typo or hope for 128-bit
symmetric algorithm encryption be covered by a General Export Permit,
which might at least make 128-bit mass-market easily exported to many
(US,EU,AU,NZ, ??) countries.
With these changes I expect Entrust, Certicom, ZKS and others won't be
moving their cryptographic development outside Canada as fast as they
would under the US's December announcement. Expect 'mirroring' foreign
offices to continue. I think that if it had not been for Industry Canada's
development of a Canadian Cryptography Policy
<http://strategis.ic.gc.ca/SSG/cy00001e.html> in 1998, the changes would
of been far more instep with US's requests. Canadians are a private
people, and Industry Canada has argued that E-commerce will not
become a reality in Canada without an infrastructure of cryptographic
strong hardware and software.
I will continue to freely export software under the exemption for "in the
public domain" software.
-mctaylor
-----BEGIN QUOTE-----
EXPORT CONTROLS ON CRYPTOGRAPHIC GOODS
Date: December 23, 1998
PURPOSE
...
GENERAL
...
CANADIAN POLICY
...
WASSENAAR ARRANGEMENT
...
LIBERALIZATIONS:
10. The Wassenaar Arrangement Participating States agreed to remove
from control:
...
(e) goods employing a symmetric algorithm with a key length of
56 bits or less;
(f) goods employing an asymmetric algorithm where the security
of the algorithm is based on any of the following:
(i) factorisation of integers not greater than 512 bits
(e.g. RSA);
(ii) computation of discrete logarithms in a multiplicative
group of a finite field of size not greater than 512 bits
(e.g.Diffie-Hellman over Z/pZ); and
(iii) discrete logarithms in a group other than mentioned
in (ii) above and not greater than 112 bits (e.g.
Diffie-Hellman over an elliptic curve).
...
11. In addition, the Wassenaar Arrangement Participating States
agreed:
...
(b) to maintain the existing exemption for software "in the public
domain".
PROPOSED EXPORT CONTROL LIST CHANGES:
12. The Wassenaar Arrangement Participating States agreed to replace
Entry 1 of the General Software Note for Mass Market Cryptographic
Software with a Cryptography Note applicable to both hardware and
software goods that meet all of the following:
(a) generally available to the public by being sold, without
restriction, from stock at retail selling points by means of any
of the following:
(i) over-the-counter transactions;
(ii) mail order transactions;
(iii) electronic transactions; or
(iv) telephone call transactions
(b) the cryptographic functionality cannot easily be changed
by the user;
(c) designed for installation by the user without further
substantial support by the supplier;
(d) does not contain a symmetric algorithm employing a key
length exceeding 64 bits; and
(e) when necessary, details of the items are accessible and
will be provided, upon request, to the appropriate authority in
the exporter's country in order to ascertain compliance with
conditions described in paragraphs a. to d. above.
13. In addition to the technical changes, the Wassenaar Arrangement
Participating States agreed that the controls on Mass Market goods as
defined in sub-paragraph 12 (d) above will remain in effect for two
years and that the renewal of such controls for a successive period
will require the unanimous consent of the Wassenaar Arrangement
Participating States.
ADMINISTRATION
...
18. As soon as practicable, a General Export Permit will
be issued for mass market software employing a
symmetric algorithm with a key length not exceeding 128
bits.
...
EXPORT PERMIT REQUIREMENTS
...
CONTACTS
...
-----END QUOTE-----
