Current State of Exporting Open-Source Encryption? 22
Jay Maynard asks: "The project team is getting ready to release a new version of the Hercules IBM mainframe emulator. Part of the update is support for new instructions IBM added in their latest z/990 system, and two of those do encryption. The Bureau of Industry and Security (formerly the Bureau of Export Administration) changed their regulations on June 6, 2002 to grant a license to export open-source encryption code to anyone but the usual suspects (denied persons and banned countries). They went on to recently clarify that putting up code for download did not in itself constitute exporting to those banned countries or persons. There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"
No. (Score:4, Informative)
Seriously, you just answered your own question. This doesn't mean that Debian can get rid of its non-US archive. It still contains things that are patented in the US or illegal due to the DMCA.
-molo
Yes, very much! (Score:5, Insightful)
It is hopeless. (Score:1, Insightful)
Re:It is hopeless. (Score:4, Informative)
Unless I'm mistaken, there's a card in the back you can send in to have a disk sent to you. The only reason you don't get the software on a disk to begin with is because that would increase production costs.
Re:It is hopeless. (Score:1)
Re:It is hopeless. (Score:1)
Re:It is hopeless. (Score:1)
and in HER window it shows me as a foe. Also true.
off the top? (Score:5, Insightful)
"There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"
uhm... why should anyone outside the US believe that the US will continue with its current position? Does the current political climate of the US, as observed by other nations (i.e. Canada), suggest that open-source encryption (read: tools to aid and abet terrorists) will continue to enjoy the lack of restrictions?
i dunno, it seems like a whole shwack of 'once bitten, twice shy' to me.
not trying to flame, i just can't see anything (from this side of the border) to suggest that we should be trusting the US not to change their position. *shrugs*
one good reason to continue (Score:3, Interesting)
its just a matter of time.
Re:one good reason to continue (Score:3, Insightful)
It's even worse than that. The change is an administrative change, not a change to the law. (IANAL, but I have worked under ITAR exemptions in the past and so have made myself familiar with the implications.) Should the administrative change be reversed at some time, and you have exported encryption technology, you have suddenly become guilty of a crime.
Because the law didn't change, it's not a case of ex post facto. It's uncertain w
US policy on exporting Encryption is stupid. (Score:2)
Re:US policy on exporting Encryption is stupid. (Score:2)
Hrmm, ehh, well. If you only worry about the peple capable of building nukes, than your point is valid. But there are plenty of others to worry about, people that could do damage, even if they don't have the resources available to create nukes.
The US, and other large governments, probably all have a few tricks up their sleeve that they don't want to tell the world. Problem is, these are alread
Of course. BSD. (Score:4, Insightful)
to anyone, free to use. This does include Microsoft,
Irak, Afghanistan and others.
Please don't feel offended - this is just the way
the BSD spirit works, and it's intended.
From an European's viewpoint, the US is one of the
most unfree countries around the world.
Re:Of course. BSD. (Score:3, Insightful)
Similar things could be said about Europe, you know (and this is from a leftist), given the following European phenomena:
Anytime you cross the Atlantic (in either direction), it seems you trade in some freedoms in exchange for others.
I doubt it will be a problem (Score:2)
1) It's unlikely that these two new instructions would even count as encryption technology. Unfortunately Google couldn't find me anything about the z/990 extensions, but I rather suspect that if it's just those two codes, they're going to be so low-level as to be almost meaningless. The NSA and etc mostly cares about preventing people from getting their hands on useable applications, rather than the base algorithms - seems they
Re:I doubt it will be a problem (Score:2)
We may find ourselves holding off for now, m
Re:I doubt it will be a problem (Score:2)
Wow, screwy. I've never heard of any chip that did something like this on an instruction level. I don't know about the key length limitations, but I can tell you that I have distributed 168-bit 3DES for years as part of a crypto library and never heard a peep from anyone related to the export laws (many other people continue to host well-known crypto projects out of the US, as w
Re:I doubt it will be a problem (Score:2)
That's why it's a mainframe.
The crypto coprocessors are beyond the scope of Hercules, at least as it stands now (although I wouldn't rule out adding it in the future). Even so, however, I get from my reading of 740.13 that the key length doesn't matter. (Am I wrong there?) I doubt that part will become an issue anytime soon, but the five instructions are rather more of an immediate problem. It looks like the message dig
yes. these are just rules (Score:2)
-russ
Re:yes. these are just rules (Score:2)