NetNews Usenet Archive 1992 #31

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1992 #31 / NN_1992_31.iso / spool / sci / crypt / 6112 < prev next >

Wrap

Internet Message Format | 1992-12-23 | 3.7 KB

Xref: sparky sci.crypt:6112 alt.security.pgp:397 Newsgroups: sci.crypt,alt.security.pgp Path: sparky!uunet!mcsun!Germany.EU.net!rzsun2.informatik.uni-hamburg.de!fbihh!bontchev From: bontchev@fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) Subject: Re: Legal Stuff! Message-ID: <bontchev.725110231@fbihh> Sender: news@informatik.uni-hamburg.de (Mr. News) Reply-To: bontchev@fbihh.informatik.uni-hamburg.de Organization: Virus Test Center, University of Hamburg References: <bontchev.724943800@fbihh> <1992Dec21.203115.12176@netcom.com> <bontchev.725032635@fbihh> <1992Dec22.215815.3172@netcom.com> Date: 23 Dec 92 11:30:31 GMT Lines: 63 strnlght@netcom.com (David Sternlight) writes: > 1. For PGP to be written from scratch in the U.S. to incorporate > RSAREF, thus permitting communications between the U.S. version > and any other while honoring what I understand to be RSA's patents > and the Munitions laws. Such a rewrite could be used here, but > not exported. I don't think there's a problem with exporting > messages and keys themselves. This seems to be the best solution to me... If I understand it correctly, the RSAREF license allows any modification of their code, if you don't change the interface (if you do, you must get a permission from them first). If it is indeed so, then it is quite reasonable. I've heard that the currently distributed RSAREF routines are not exactly speed demons (I might be wrong), but this could be fixed... The most important thing is to produce a program that will be message-compatible with the current PGP, because this will allow the U.S. citizens to legally exchange encrypted messages with PGP users who are outside the USA... RIPEM itself won't be enough, since it oriented towards public key servers, while PGP is more appropriate for individual users... Is there anything the interface of the RSAREF routines that will prevent building a PGP-compatible program based on them? > 2. For RIPEM's cryptographic components (DES and RSAREF) to somehow > be rewritten de novo outside the U.S. to be consistent with national > crypto and patent laws, thus permitting communications between the > U.S. version of RIPEM and any other. DES has been implemented outside the USA since a long time... I guess that implementation of the RSAREF routines will be trivial, if somebody bothers to publish the interface. However, this is still not enough, because if I understood correctly the author of RIPEM, his package is not available to non-US citizens - because it is not distributed witout RSAREF & DES. > 3. For RIPEM to be upgraded in the U.S. to include IDEA, and PGP format > compatibilty. Unlikely... The key management in the two products is based on two too different concepts... I have seen a couple of RIPEM messages and they seem too much incompatible with PGP to me... For instance, PGP extracts all information needed from the body of the message, while RIPEM relies heavily on the header of the e-mail message... I am not saying that PGP compatibility cannot be achieved, but it seems too much work for me... > 4. For the Munitions Act/ITAR regulations to be changed AND PKP's > patents overturned (or expire). I somehow do not share the hope expressed here by some people that the new US administration will lift the restrictions on cryto software... Besides, could somebody check whether PKP's patents are renewable? If they are, we might have to wait a long time... :-) Regards, Vesselin -- Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN < PGP 2.1 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C e-mail: bontchev@fbihh.informatik.uni-hamburg.de D-2000 Hamburg 54, Germany