Mr. Harris, Mr. Chan, et al.: I must question if either of you actually even read what I posted, because your response absolutely makes no sense relative to the commentary I scripted. I would request you re-read my posting below, particularly, the section which says, "dummy crypto modules were supplied (that did nothing with the clear text, basically passing back exactly what it receives), then all that would be necessary is to replace the bogus modules with real modules to gain crypto abilities." I would have thought that, you would understand this to mean that if you ship Linux to a target country, and it had an AES-128 module compiled into the kernel which in fact did not perform any encryption service but just returned the clear text it was passed absent any modification to it, how would this be illegal in countries which disallow the importation or exportation of such technologies? If then a target user was in a country which did allow the importation of such technologies, then he could replace the dummy modules with a real encryption module which passes back cipher text not clear text. In other words (at least in the USA), you can call a piece of software an encryption software, but if in fact it does NOT encryption the code it is supposed to, you did not export or import encryption code. One of the predicating factors is that it must in fact actually achieve the goal of encrypting the clear text and not just return the clear text unmodified or the Federal Government can charge you no violation of any criminal act. Why do all that? To insure an integration of a crypto API into the standard kernel distribution, which would not force all this modification to take place. As well, then a person would need only replace "dummy" encryption modules with real encryption modules, if allow by local legislation to do so. Export laws do not prevent the API from being inclusive to Linux, they prevent the actually encryption code from being in Linux, period. Very Respectfully, Stuart Blake Tener, IT3, USNR-R, N3GWG Beverly Hills, California VTU 1904G (Volunteer Training Unit) stuart@xxxxxxxxxxx west coast: (310)-358-0202 P.O. Box 16043, Beverly Hills, CA 90209-2043 east coast: (215)-338-6005 P.O. Box 45859, Philadelphia, PA 19149-5859 Telecopier: (419)-715-6073 fax to email gateway via www.efax.com (it's free!) JOIN THE US NAVY RESERVE, SERVE YOUR COUNTRY, AND BENEFIT FROM IT ALL. Thursday, July 12, 2001 11:11 AM -----Original Message----- From: owner-linux-crypto@xxxxxxxxxxxx [mailto:owner-linux-crypto@xxxxxxxxxxxx] On Behalf Of Hubert Chan Sent: Thursday, July 12, 2001 11:05 AM To: linux-crypto@xxxxxxxxxxxx Subject: Re: Using Crypto under LM8+2.4.6 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Sandy" == Sandy Harris <sandy@xxxxxxxx> writes: Sandy> "IT3 Stuart B. Tener, USNR-R" wrote: >> There is a "one-better" solution. If the kernel were integrated with >> all the links to have crypto, and dummy crypto modules were supplied >> (that did nothing with the clear text, basically passing back exactly >> what it receives), then all that would be necessary is to replace the >> bogus modules with real modules to gain crypto abilities. Sandy> The problem here is not technical. The problem is export laws Sandy> that prevent US, and perhaps some other, distributions from Sandy> shipping with crypto included. And don't forget the countries where crypto code is illegal to possess. - -- Hubert Chan <hackerhue@xxxxxxxx> - http://www.geocities.com/hubertchan/ PGP/GnuPG key: 1024D/71FDA37F Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7TebMZRhU33H9o38RAtydAKC5kYFvLJj9wlgODL6418yPIUmx7wCfRTJa c8S3cgvFuFYeL9fQdRIKA8s= =ndJd -----END PGP SIGNATURE----- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/ Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
