You're mostly right, but there still needs to be notification: it just has to be concurrent, not previous like I thought. There is explicit exemption of small keys, but those keys have been exempted all the time. The big issue is that it's easier to get the review--submit and go. Publically available (ftp/http) crypto is explicitly okay--no need to check if a .foreigngov addy or a .badguys addy is DLing, but still needs to be vetted: the only thing is it cannot be "knowingly" transmitted: uploaded or emailed to a .badguy or .foreigngov
http://www.bxa.doc.gov/Encryption/Default.htm http://www.bxa.doc.gov/Encryption/nlr.htm and most of the rest of the "Encryption" directory the 1/14/00 press release is at http://204.193.246.62/public.nsf/docs/60D6B47456BB389F852568640078B6C0#a BTW, it checks out--nslookup says it's going to DOCUSER.osec.doc.gov, typical bureaucratic garbage, I'm guessing (but a PITA to hand paste--#$%^ synaptics touchpads...). On Sat, 20 May 2000, Raul Miller wrote: > On Sat, May 20, 2000 at 07:46:11PM -0600, John Galt wrote: > > Has anyone submitted the non-US tree to Treasury so that it can be > > reviewed and exported legally? Unless somebody's done that, the > > current export control laws still prevent export of it...They've been > > LOOSENED, not eliminated. > > Um.. true. But either I didn't understand the original topic, or the > topic has just been changed. > > As I understand the current export regs, cryptography software with > weak keys (defined as less than some number of key bits -- I think 40) > can be exported without any special permits. > > Now, I've not studied this issue intensely, and regs change fairly > quickly. But if I'm wrong, I'd like to see a reference to or a quote > of the relevant regulation. > > Thanks, > > -- Pardon me, but you have obviously mistaken me for someone who gives a damn. email [EMAIL PROTECTED]
