Ms. Harris:
I thought the Bernstein case said that public domain research
development for ciphers maybe published and exported?
Very Respectfully,
Stuart Blake Tener, IT3, USNR-R, N3GWG
VTU 1904G (Volunteer Training Unit)
stuart@xxxxxxxxxxx
west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043
east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859
Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's
free!)
JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL.
Monday, July 09, 2001 7:45 PM
-----Original Message-----
From: owner-linux-crypto@xxxxxxxxxxxx
[mailto:owner-linux-crypto@xxxxxxxxxxxx]On Behalf Of Sandy Harris
Sent: Monday, July 09, 2001 7:09 PM
To: linux-crypto@xxxxxxxxxxxx
Subject: Re: Using Crypto under LM8+2.4.6
"IT3 Stuart B. Tener, USNR-R" wrote:
> There is a "one-better" solution. If the kernel were integrated
with
> all the links to have crypto, and dummy crypto modules were supplied (that
> did nothing with the clear text, basically passing back exactly what it
> receives), then all that would be necessary is to replace the bogus
modules
> with real modules to gain crypto abilities.
The problem here is not technical. The problem is export laws that prevent
US,
and perhaps some other, distributions from shipping with crypto included.
e.g.
for FreeS/WAN IPSEC, we have this in the docs:
http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/intro.html#products
| Unfortunately the export laws of some countries restrict the distribution
of
| strong cryptography. FreeS/WAN is therefore not in the standard Linux
kernel
| and not in all CD or web distributions.
|
| Full Linux distributions
|
| FreeS/WAN is included in various general-purpose Linux distributions from
| countries (shown in brackets) with more sensible laws:
|
| European versions of SuSE Linux (Germany)
| Conectiva (Brazil)
| the server edition of Corel Linux (Canada)
| the Polish(ed) Linux Distribution (Poland)
| Trustix Secure Linux (Norway)
|
| Firewall distributions
| ...
| Firewall and VPN products
| ...
The same reasons apply to encrypting file systems, the international patch,
in fact anything that uses strong crypto. Conectiva ship with FreeS/WAN,
SSH, I think file encryption, ..., but kernel.org and US companies have
difficulty doing that.
US and other export laws have undergone some changes recently, and
kernel.org
now carries the international patch. However, there are still restrictions
and it is still not clear that we can do the Right Thing, put strong crypto
in the standard kernel and therefore have it available to all Linux users
without fuss.
Your solution with dummy modules does not work, because the writers of the
export laws excluded that approach. Any "crypto-shaped hole", any interface
designed to make adding cryptography easy, is covered by those laws.
For discussion, see:
http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/politics.html#polit
ics
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
