NetNews Usenet Archive 1992 #31

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1992 #31 / NN_1992_31.iso / spool / sci / crypt / 5984 < prev next >

Wrap

Internet Message Format | 1992-12-21 | 3.5 KB

Xref: sparky sci.crypt:5984 alt.security.pgp:338 Newsgroups: sci.crypt,alt.security.pgp Path: sparky!uunet!haven.umd.edu!darwin.sura.net!Sirius.dfn.de!news.DKRZ-Hamburg.DE!rzsun2.informatik.uni-hamburg.de!fbihh!bontchev From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) Subject: Re: Legal Stuff! Message-ID: <bontchev.724943800@fbihh> Sender: news@informatik.uni-hamburg.de (Mr. News) Reply-To: bontchev@fbihh.informatik.uni-hamburg.de Organization: Virus Test Center, University of Hamburg References: <1992Dec18.153529.18137@penet.fi> <1992Dec19.211405.22406@netcom.com> Date: 21 Dec 92 13:16:40 GMT Lines: 68 strnlght@netcom.com (David Sternlight) writes: > an3596@anon.penet.fi asks why PGP is available outside the U.S. > but ripem won't be so distributed. And he's asking a perfectly reasonable question, see below. > PGP was coded outside the U.S. and incorporates IDEA, which is a > non-U.S. encryption method. And which is also patented, BTW, just license for non-comercial use is granted. > (By the way, it would be a delicious piece > of irony against those who are taking RSA's invention without > compensation by using pgp, if IDEA were well and truly broken by the > NSA, the Japanese, the French, the British, the Tibetans, and your > commercial competitors.) I would be, but it isn't. Besides, I am perfectly happy to live with an encryption scheme that only a forign intelligence service is able to break... Gee, I would be proud if the considered my messages that important... :-) > Thus PGP does not violate the restriction > against exporting DES since it doesn't use DES, though it cannot be > imported legally into the U.S. where it violates RSA's patents. Some > argue it can't be imported into the U.S. without a Munitions Act > license either. The above statement, is a complete mess. First, according to ITAR, exporting of ANY encryption software might be illegal, not just of DES. (I just wonder how all those crypt(3) functions in the Unixes around were exported...) Second, it is not illegal to import something that infringes patents, it might be just illegal to -use- it. Third, those who are gullible enough to believe to your claim, and those who are paranoid enough to be scared by them, can obtain PGP in a perfecty legal way - from within the USA. It is available for anonymous fpt from: van-bc.wimsey.bc.ca:/pub/crypto/PGP-2.1 pencil.cs.missouri.edu:/pub/crypt soda.berkeley.edu:/pub/cyberpunks/pgp eugene.utmb.edu:/pub/pgp and probably from many others. > ripem was coded in the U.S. and uses DES. DES cannot be exported > outside a few specific countries without a license which will not be > granted by the U.S. authorities. Thus ripem is not legally available > there. Since ripem's use of RSA's patented technology is licensed by > RSA, it does not violate their patents in the U.S. Fortunately, the USA is not the only country that has programmers, so there are plenty of free DES implementations around. I really cannot understand why RIPEM is not available for anonymous ftp, without the DES and the RSAREF stuff. Anybody should be able to plug in additional DES- and RSAREF-compatible modules... Would somebody care to post the specifications of RSAREF? Regards, Vesselin -- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN < PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany