[Cryptography] NSA's FAQs Demystify the Demise of Suite B
John Gilmore
gnu at toad.com
Sat Feb 13 13:47:49 EST 2016
> A developer of software that uses digital signatures but no
> encryption can avoid the hassle and expense of dealing with export
> regulations by using DSA instead of RSA...
This sounds like an obsolete 1990's argument -- why bring it up now?
What hassle and expense of dealing with export regulations?
In 2000 we forced the US export regs to change, so that no free
software, and no mass market software, has hassle or expense. (That
was forced with set of a First Amendment lawsuits arguing successfully
that the government could not burden the "publication" of software,
just as it cannot burden the "publication" of English text
descriptions of encryption.)
The only folks who have to deal with US export controls on crypto these
days, as I understand it, are those who build custom, proprietary
software; or those who build hardware custom designed for
cryptanalysis (like a DES cracker).
When I last looked, the rest of the world had resisted the US
desire to lock down mass market encryption products (sold to anybody
via mail order, or web stores, or in physical stores) and the desire
to lock down free software encryption products (like Firefox or
GNU Privacy Guard). So again, in the rest of the world, only
custom proprietary software, or hardware, have to think about export
controls.
John
More information about the cryptography
mailing list