[924] in cryptography@c2.net mail archive
Re: PGP Export: No Big Deal?
daemon@ATHENA.MIT.EDU (Phil Karn)
Fri May 30 11:09:59 1997
Date: Thu, 29 May 1997 22:14:28 -0700 (PDT)
From: Phil Karn <karn@qualcomm.com>
To: andrew_loewenstern@il.us.swissbank.com
CC: cryptography@c2.net
In-reply-to: <9705292302.AA00877@ch1d157nwk> (message from Andrew Loewenstern
on Thu, 29 May 97 18:02:26 -0500)
>Excuse me, but hasn't there always been a "foreign subsidiary" exemption
>clause in the ITAR and now the EAR???
No, though in certain cases they look more favorably toward granting licenses.
A while back I applied for a license to export triple DES to a company
office in Singapore for use in an encrypted IP tunnel back to the
US. Our application was denied. We were later able to get permission
to export a Network Systems Borderguard box that includes 128-bit IDEA
(but not 3DES).
Since PGP also includes IDEA, this new policy is consistent with their
previous decision in our case. Ie., it doesn't really indicate much of
a relaxation in practice. It also makes me wonder about IDEA...
Since my company isn't on the approved list, I guess that means
anybody in one of our overseas offices who wants PGP will have to FTP
it from outside the US instead. How utterly inconvenient.
Phil
