
Date:   Tue, 11 Jan 2000 22:13:26 -0500
From:   "Michael H. Warfield" <mhw@wittsend.com>
To:     linux-kernel@vger.rutgers.edu
Subject: 2.4 and Strong Cryptography...

All,

	Ok...  This is probably three days premature but I think it needs
to be out in front of everyone...  We may have a feature freeze for 2.4 but
we also have, it seems, a golden window of opportunity.

	The US government is about to relax the crypto export regulations,
in ways we could not have anticipated 6 months ago, vis-a-vis open source
and publicly available cryptography.  The first draft of the regulations
was, unexpectedly, promising but held some ambiguities for the open-source
community.  The second draft can only be considered a Christmas present with
the open source regs being reduced to little more than "tell us where it
is and then do it".  The full text of the regulation changes can be found
at:

	<http://www.cdt.org/crypto/admin/991217draftregs.shtml>

	The open source stuff has been reduced to three paragraphs:

] SEC. 740.13 TECHNOLOGY AND SOFTWARE -- UNRESTRICTED (TSU)
]
]   (e) Unrestricted Encryption Source Code
]       (1) Encryption source code controlled under 5D002 which would be
]       considered publicly available under Section 734.3(b)(3) and which
]       is not subject to an express agreement for the payment of a
]       licensing fee or royalty for further commercial production or
]       sale of any product developed with the source code is released from
]       EI controls and may be exported or re-exported without review under
]       License Exception TSU, provided you have submitted written
]       notification to BXA of the Internet address (e.g. URL) or a copy
]       of the source code by the time of export. Submit the notification
]       to BXA and send a copy to ENC Encryption Request Coordinator
]       (see Section 740.17(g)(5) for mailing addresses).
]
]       (2) You may not knowingly export or re-export source code or
]       products developed with this source code to Cuba, Iran, Iraq,
]       Libya, North Korea, Sudan or Syria.
]
]       (3) Posting of the source code on the Internet (e.g., FTP or
]       World Wide Web site) where the source code may be downloaded by
]       anyone would not establish "knowledge" as described in subparagraph
]       (2) of this section. In addition, such posting would not trigger
]       "red flags" necessitating the affirmative duty to inquire under
]       the "Know Your Customer" guidance provided in Supplement No. 3
]       to Part 732.

        You'll notice that the second paragraph is the stock "restricted
countries" list and the third paragraph is a "safe haven" clause for
ftp/http posting.

        This basically says that crypto source code which is unencumbered
may be exported merely by notifying them of the URL (mailto URLs????)
where it is available from.  No review, no approval, no license, no key
length silliness, and no inherited encumbrances.  :-)

        I won't post the whole $#@$#@ thing (since you can read it at the
CDT site anyways) but for things like "Idea" and "RSA", which ARE encumbered
by patents, similar clauses exist at 740.17(a)(5) which say basically the
same thing.

        This is scheduled to become finalized on January 14.  Everything
I have heard indicates that there will be no significant changes at this
point and these will be the new regulations and will be finalized on
schedule.
                
	If these regs get finalized and are in the form we now expect them
to be in, can we get the paperwork filled and get IPSEC (and other crypto
goodies like ppdd) into the 2.4 kernel?  KLIPS (from IPSEC) would be a
wonderful win!  That would put us up with OpenBSD with integrated IPSEC
(OK, IKE, aka pluto, still needs improvement - but that's not a kernel issue).

	We can also begin to lobby the distro makers for bundling hardened
crypto like PGP, GPG, CFS, TCFS, SSH, etc, etc, etc, as quickly as possible.
The faster it's there and the faster it spreads the better we can seal this
deal and make it done!

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

