From owner-freebsd-security Fri Jul 28 14:48:19 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id OAA09061 for security-outgoing; Fri, 28 Jul 1995 14:48:19 -0700 Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129]) by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id OAA09034 ; Fri, 28 Jul 1995 14:47:49 -0700 Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130]) by grunt.grondar.za (8.6.11/8.6.9) with ESMTP id XAA18210; Fri, 28 Jul 1995 23:47:35 +0200 Received: from localhost (localhost [127.0.0.1]) by grumble.grondar.za (8.6.11/8.6.9) with SMTP id XAA10036; Fri, 28 Jul 1995 23:47:34 +0200 Message-Id: <199507282147.XAA10036@grumble.grondar.za> X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol To: "Jordan K. Hubbard" cc: Mark Murray , ache@astral.msk.su, "Jordan K. Hubbard" , "Rodney W. Grimes" , security@freebsd.org, freebsd-foreign-secure@grondar.za Subject: Re: security list Date: Fri, 28 Jul 1995 23:47:33 +0200 From: Mark Murray Sender: security-owner@freebsd.org Precedence: bulk > > I've got a lawyer friend who knows this crap. She's an import/export/patent > > specialist, and an Advocate too. (British: Advocate=Barrister) (American: > > Advocate=Big Cheese Lawyer qualified to argue in supreme court) > > > > She'll do this Pro Amico... > > That's very kind of her. So, maybe we should make sure we've got all > of our questions in order before we take her up on this generous offer? > Just what issues are we trying to clarify here, exactly? (Sorry Jordan - you missed a long discussion concerning the legality of _importing_ crypto code into the USA. Rod feels that this is dangerous and a couple of others feel that these fears are unfounded. I thought that I would find out for sure. I am sick of the argument :-) :-) ) [Would you like copies of the discussion?] Before we get all excited... She is doing this as a favour for me, and her name will be on whatever she gives me. BUT - what she will give me is LEGAL OPINION. It is not law, and she is not American. The question I have asked her to clarify is "Is it or is it not legal to import cryptography code INTO the USA?" We have so far established beyond a shadow of a doubt that permanent imports (as opposed to temporary imports or any kind of export) are not under the jurisdiction of the State Department, like the controlled items referred to in ITAR. It is also known without the aforementioned shadow that exports and temporary imports (that is imports for repair or improvement etc. that will be returned to their country of origin) that are munitions according to ITAR _are_ restricted. But we all knew this :-( :-( :-(. For permananent imports ONLY (IE one-way FTP into the USA) the body with jurisdiction is the Department of the Treasury, and their rules apply. This is clearly stated in ITAR. What we are going to find out is whether or not _they_ define crypto as a munition (or whatever), and if so what the restrictions are. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200