Revision of US Crypto Export Controls

Bill Stewart bill.stewart at pobox.com
Fri Dec 12 13:32:16 EST 2003 

It's nice to see that, five+ years after the DES crack and
         a month after the RSA-576 challenge was broken
         (and rather longer since 512-bit cracks),
         and as spread-spectrum phones and data cards are under $50
         and wireless security has become a major industry concern,
that our government still cares enough to protect us by
limiting export of those technologies so the Commies don't get them...

I guess the FreeS/WAN project still needs to stay outside the US.

         Bill Stewart

At 05:08 AM 12/11/2003 -0800, John Young wrote:
>On December 10, 2003, the Bureau of Industry and Security issued
>a final rule to revise the Commerce Control List which regulates
>export of US technologhy. Below are excerpts involving encryption.
>The full rule:
>
>   http://cryptome.org/bis121003.txt
>.....
>     a.1.a. A ``symmetric algorithm'' employing a key length in
>excess of 56-bits; or
>     a.1.b. An ``asymmetric algorithm'' where the security of the
>algorithm is based on any of the following:
>     a.1.b.1. Factorization of integers in excess of 512 bits (e.g.,
>RSA);
>     a.1.b.2. Computation of discrete logarithms in a multiplicative
>group of a finite field of size greater than 512 bits (e.g., Diffie-
>Hellman over Z/pZ); or
>     a.1.b.3. Discrete logarithms in a group other than mentioned in
>5A002.a.1.b.2 in excess of 112 bits (e.g., Diffie-Hellman over an
>elliptic curve);
>     a.2. Designed or modified to perform cryptanalytic functions;
>     a.3. [RESERVED]
>     a.4. Specially designed or modified to reduce the compromising
>emanations of information-bearing signals beyond what is necessary
>for health, safety or electromagnetic interference standards;
>     a.5. Designed or modified to use cryptographic techniques to
>generate the spreading code for ``spread spectrum'' systems,
>including the hopping code for ``frequency hopping'' systems;
>     a.6. Designed or modified to use cryptographic techniques to
>generate channelizing or scrambling codes for ``time-modulated
>ultra-wideband'' systems;
>     a.7. Designed or modified to provide certified or certifiable
>``multilevel security'' or user isolation at a level exceeding Class
>B2 of the Trusted Computer System Evaluation Criteria (TCSEC) or
>equivalent;
>     a.8. Communications cable systems designed or modified using
>mechanical, electrical or electronic means to detect surreptitious
>intrusion.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list