[890] in cryptography@c2.net mail archive
Re: Sun Microsystems to try to go around EAR
daemon@ATHENA.MIT.EDU (Adam Back)
Thu May 22 16:22:19 1997
Date: Thu, 22 May 1997 20:44:37 +0100
From: Adam Back <aba@dcs.ex.ac.uk>
To: warlord@MIT.EDU
CC: cryptography@c2.net, risks@csl.sri.com
Cc: sameer@c2.net
In-reply-to: <sjm3erfwhi4.fsf@incommunicado.ihtfp.org> (message from Derek
Atkins on 22 May 1997 13:20:35 -0400)

Derek Atkins <warlord@mit.edu> writes:
> Who says that this software is unevaluated by Sun? Just because Sun
> did not give technical help to the Russians does not mean that they did
> not look at the code prior to signing the deal. Granted, this is
> speculation on my part; I don't know anything about the deal.
>
> Just remember that right now there still are no limitations on the
> IMPORT of cryptography into the United States, so it would be
> perfectly legal for Sun to import the code from Russia, look at it,
> and say "yep, it's ok".

Not if they told the Russians that. Clearly if they got the deal,
they would have told them. That's 1 bit of advice (bit as in 8 bits
to the octet).

Come on now, you've got to take these things to their illogical
conclusions, this is the US government export controls we're talking
about.

Sending 100 bytes of advice would clearly be illegal. Why should
there be any special exemption for 1 bit? We can construct a larger
piece of advice from smaller bits of advice 20 questions
style...

Russian Sun subcontractor: is it ok?
Sun: no
R: ok, well is it the key schedule?
S: warmer
.... etc

And that's structuring to get around the law also :-)

Anyway Sameer Parekh and C2Net already did the end run around EARs
with StrongHold, and SafePassage, so don't let Sun take all the
limelight.

Also there's the Phil Zimmermann/PGP Inc approach: hold a crypto
"workshop" which Sun's Russian subcontractors just happen to come to
and attempt to use the academic exemption. Or Sun US publish a
printed book of the diffs to fix bugs found during conformance
testing, and export this to Russia.

Anyway, nice one Sun, glad to see a large company stand up to the
export control sham.

One puzzling thing is I understood export, import, and use of crypto
in Russia were made illegal a couple of years back. How are the
Russians able to do the work without getting in trouble themselves?
Do they have unofficial permission from the KGB? Someone claimed that
the company in question was largely ex-KGB cryptographers.

(And don't export the .sig either, it's 148 bytes of cryptographic
program :-)

Adam
--
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/
print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`