Question on export issues

Jon Callas jon at callas.org
Sun Jan 6 21:52:33 EST 2008 

On Jan 4, 2008, at 12:50 PM, Thierry Moreau wrote:

>
>
> Jon Callas wrote:
>
>> They let strong crypto through all the time. I can't imagine what   
>> *technology* you couldn't get through.
>
> Do you have an example of allowed strong crypto having good key  
> management and not already widely-implemented/easily-implementable  
> by competitors outside of the Wasseenar zone?

I'm sorry, but I don't understand the question. I've read it about  
ten times and don't know what you're asking. Let me try to answer by  
talking around it.

If you look at the basic components we have, the ciphers, hash  
functions, and so on, they're all secure enough that a major  
government can't crack them. Yes, we know that there are weaknesses  
in lots of hash functions, but by now, we have a pretty good handle  
on that. We know about how broken they are, and there are  
workarounds. Furthermore, if you look at the push to fix this --  
where is it coming from? NIST, NESSIE, etc.

If you look at the medium-level functions, like HMAC, salted hashing,  
tweakable cipher modes, and so on, they are *more* secure. For  
example, even if you don't like SHA-1, a SHA-1 HMAC is still  
considered secure.

If you look at the protocols, like TLS, IPsec, OpenPGP, S/MIME, and  
so on, they're also secure, because they assemble the reasonably  
secure components together reasonably securely. Yes, we can have  
discussions about some of them, but again, we know lots about their  
security, and can actually discuss it rationally. It was much harder  
to do that ten to twenty years ago.

All of these things are freely exportable. It's just a matter of  
filling out paperwork.

I don't have an example of a cryptosystem that I'd actually want to  
use that is non-exportable. And I'm sure that if someone made  
something that is custom, it's exportable. I have direct evidence of  
this.

Back in 1999, when we were at Counterpane together, John Kelsey and I  
created a set of incompatible Blowfish variants. We were going to use  
them in TLS so that Counterpane gear would have its own little walled  
garden. We could have used a family key, but this was fun, and also a  
test of the export regime. Blowfish, as you may or may not know, has  
some initialization constants that are hex digits of pi. These  
"colorfish" ciphers used different digits of pi for the  
initialization. I constructed the family of: Blackfish, Brownfish,  
Redfish, Orangefish, Yellowfish, Greenfish, Bluefish, Indigofish,  
Purplefish, Whitefish, Silverfish, Goldfish, Octarinefish, and  
Plaidfish. I sent them for export and there wasn't a peep. Nothing.  
These days, British Telecom owns them.

There are cryptosystems I know of from non-Wassenaar countries that I  
wouldn't go near. I don't think they're very good. I don't care if  
that's a matter of competence or malice; I'm not favorably impressed.  
I am, however, quite sure they're exportable.

I don't have an example of any crypto technology that I would think  
wouldn't be exportable.


>
>> Definitely, however, there are  *people* who couldn't get an  
>> export license because they've been bad  in the past.
>
> If one were to look emprircally at these *poeple*, is it possible  
> that, e.g. as if by chance, they would be designers of good crypto  
> having good key management and not widely-implemented/easily- 
> implementable by competitors outside the Wasseenar zone?
>
>> So the answer to your questions is that they're vetting who you  
>> are  far more than what you're exporting.
>
> Do you mean that they judge whether your are competent to design  
> good crypto of the above type? Perhaps even they assess whether you  
> are "organizationally unimpeded" to do so?

No, I don't mean that. Crypto is a "dual use" technology. Most things  
are dual use. There are obvious dual use things, like nuclear  
materials, but video games are also dual use, as are milling  
machines, laser diodes, navigation equipment, and so on. Basically,  
if it's fun, it's dual use.

You have to have export licenses for dual use items. Sometimes the  
license is very easy to get. In some cases, it is nothing more than  
giving them your web logs if they ask for them and there's nothing  
requiring you to keep them. (Most open source software falls here.)  
Other times, there's more. For some people, like Ivan at OLPC and me  
(at PGP), we jump through hoops we don't necessarily have to because  
we don't want to end up on the wrong side of things.

If you violate export rules, there can be legal and administrative  
penalties. The administrative penalties can be much worse, because  
they can essentially just decide you can't ever export anything.  
These days, I suspect this would also be a good way to end up on the  
permanent SSSS list for flying.

When I took a course on all of this, I was told about a guy in the  
import-export biz who was known for being able to get things into  
countries with sanctions. Eventually, he was caught and never  
prosecuted, but the "administrative" penalties against him mean that  
he had to find a new career. He couldn't get an export license to  
send an Xbox to Canada.

The Treasury Department maintains a list of Bad People. It's on the  
web. Osama bin Laden is one of them, and so is this guy.

That's what I meant.

	Jon

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list