Bert, On Aug 31, 2008, at 1:34 PM, bert hubert wrote: > Technically, this may be true - but I got into trouble over an AES- > based > random generator, even though it does not encrypt any user supplied > data.
Back when I was trying to get an early version of BIND shipped with RSA BSAFE (around the turn of the century), I got hung up with lawyers (coincidentally enough, including the same lawyer DJB used for his lawsuit against the US government over cryptography and the lawyer who wrote one of the books lawyers used to use for export-related matters) trying to figure out if we needed to get a license from the US government to export "munitions". Our approach was to point out repeatedly that DNSSEC provided authentication only and not encryption (and try to ignore Rivest's "Chaffing and Winnowing" paper). After about a year of fruitless discussion with the Bureau of Export Administration, the USG changed their policy and allowed exports with a self-declared license for the stuff we were doing. > It does create problems though. Not having looked at this (or consulted a lawyer), I would guess things would probably be much more complicated today given the current political situation as well as the fact that DNSCurve actually does do encryption. But that would only be a guess... Regards, -drc _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop