Changes in Russian licensing of cryptraghical tools

Alexander Klimov alserkli at inbox.ru
Sun Jan 20 03:23:18 EST 2008


On Thu, 17 Jan 2008, Gleb Paharenko wrote:
> Russian government accepted a changes in laws about licensing
> cryptographic algorithms and devices. The statement in Russian
> language:
>   http://www.garant.ru/hotlaw/doc/109485.htm
>
> Essential in English:
>
> You do not need to license staff which uses:
>
>     * symmetric ciphers with key length less 56 bits;
>     * assymetric ciphers with key length less 128 bits based on
>       factoring or discrete logarithms;

In my opinion such a "summary" is very confusing, I suspect that
for ordinary people item "1.b" is more important. The document
says (my translation):

  1. This document is not applicable to distribution of:
  [...]

  b) cryptographic means which are available without limit for
  retail distribution, or thru mail orders, or electronic deals,
  or deals by telephone software operating systems,
  cryptographic capabilities of which cannot be changed by
  customers, which are developed for installation by customers
  without additional significant support by supplier and which
  have technical documentation (description of algorithms of
  cryptographic transformations, communication protocols,
  interface descriptions, etc.) which is available for
  audits.

That is, if I understand correctly, this document is not
applicable to GnuPG or other such tools.

Given what is required to get a license (for example, 4.b in the
first document, says that one must have people trained in
information security), I guess the new law is not supposed to
limit use of cryptography by ordinary people, but to limit
distribution of snake-oil by self-proclaimed "professionals".

-- 
Regards,
ASK

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list