Bert,

On Aug 31, 2008, at 1:34 PM, bert hubert wrote:
> Technically, this may be true - but I got into trouble over an AES- 
> based
> random generator, even though it does not encrypt any user supplied  
> data.

Back when I was trying to get an early version of BIND shipped with  
RSA BSAFE (around the turn of the century), I got hung up with lawyers  
(coincidentally enough, including the same lawyer DJB used for his  
lawsuit against the US government over cryptography and the lawyer who  
wrote one of the books lawyers used to use for export-related matters)  
trying to figure out if we needed to get a license from the US  
government to export "munitions".  Our approach was to point out  
repeatedly that DNSSEC provided authentication only and not encryption  
(and try to ignore Rivest's "Chaffing and Winnowing" paper).  After  
about a year of fruitless discussion with the Bureau of Export  
Administration, the USG changed their policy and allowed exports with  
a self-declared license for the stuff we were doing.

> It does create problems though.

Not having looked at this (or consulted a lawyer), I would guess  
things would probably be much more complicated today given the current  
political situation as well as the fact that DNSCurve actually does do  
encryption.  But that would only be a guess...

Regards,
-drc

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to