|
|||||||
| Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||||||
7 January 1999
Date: Wed, 6 Jan 1999 20:11:28 -0400 (AST) From: M Taylor <mctaylor@privacy.nb.ca> To: efc-talk@efc.ca cc: cryptography@c2.net, cypherpunks@cyberpass.net Subject: Canadian Export Controls on Crypto from DFAIT <http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm> Export Controls on Cryptographic Goods SER-113 <http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-f.htm> Contrôles à l'exportation sur les produits de cryptographie I found this recently, published Jan 5 1999 by the Department of Foreign Affairs and International Trade (DFAIT). Most of it was expected, most of it is good. The only confusion, which I'd like to see cleared up, is in regards to the changes to Mass-Market Software. At first it seems a step backwards; 64bit symmetric, 512bit RSA, 512bit DH over Z/pZ, 112bit DH over elliptic curve, but there is either a typo or hope for 128-bit symmetric algorithm encryption be covered by a General Export Permit, which might at least make 128-bit mass-market easily exported to many (US,EU,AU,NZ, ??) countries. With these changes I expect Entrust, Certicom, ZKS and others won't be moving their cryptographic development outside Canada as fast as they would under the US's December announcement. Expect 'mirroring' foreign offices to continue. I think that if it had not been for Industry Canada's development of a Canadian Cryptography Policy <http://strategis.ic.gc.ca/SSG/cy00001e.html> in 1998, the changes would of been far more instep with US's requests. Canadians are a private people, and Industry Canada has argued that E-commerce will not become a reality in Canada without an infrastructure of cryptographic strong hardware and software. I will continue to freely export software under the exemption for "in the public domain" software. -mctaylor -----BEGIN QUOTE----- EXPORT CONTROLS ON CRYPTOGRAPHIC GOODS Notice to Exporters Export and Import Permits Act Serial No. 113 Date: December 23, 1998 PURPOSE ... GENERAL ... CANADIAN POLICY ... WASSENAAR ARRANGEMENT ... LIBERALIZATIONS: 10. The Wassenaar Arrangement Participating States agreed to remove from control: (a) goods performing the function of authentication; (b) goods performing the function of digital signature; (c) access control goods where there is no encryption of files or text except as directly related to the protection of passwords, Personal Identification Numbers (PINs) or similar data to prevent unauthorized access; (d) goods employing analogue principles when not implemented with digital techniques; (e) goods employing a symmetric algorithm with a key length of 56 bits or less; (f) goods employing an asymmetric algorithm where the security of the algorithm is based on any of the following: (i) factorisation of integers not greater than 512 bits (e.g. RSA); (ii) computation of discrete logarithms in a multiplicative group of a finite field of size not greater than 512 bits (e.g.Diffie-Hellman over Z/pZ); and (iii) discrete logarithms in a group other than mentioned in (ii) above and not greater than 112 bits (e.g. Diffie-Hellman over an elliptic curve). (g) receiving equipment for radio broadcast, pay television or similar restricted audience television of the consumer type, without digital encryption except that exclusively used for sending the billing or programme-related information back to the broadcast providers; (h) goods where the cryptographic capability is not user-accessible and which is specially designed and limited to allow any of the following: (i) execution of copy-protected software; (ii) access to any of the following: a. copy-protected read-only media; b. information stored in encrypted form on media (e.g. in connection with the protection of intellectual property rights) when the media is offered for sale in identical sets to the public; or c. one-time copying of copyright protected audio/video data. (i) goods specially designed and limited to banking use or money transactions; and (j) cordless telephone equipment not capable of end-to-end encryption where the maximum effective range of unboosted cordless operation (i.e., a single, unrelayed hop between terminal and home base station) is less than 400 metres; 11. In addition, the Wassenaar Arrangement Participating States agreed: (a) to remove the exporter semi-annual reporting requirements; and (b) to maintain the existing exemption for software "in the public domain". PROPOSED EXPORT CONTROL LIST CHANGES: 12. The Wassenaar Arrangement Participating States agreed to replace Entry 1 of the General Software Note for Mass Market Cryptographic Software with a Cryptography Note applicable to both hardware and software goods that meet all of the following: (a) generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following: (i) over-the-counter transactions; (ii) mail order transactions; (iii) electronic transactions; or (iv) telephone call transactions (b) the cryptographic functionality cannot easily be changed by the user; (c) designed for installation by the user without further substantial support by the supplier; (d) does not contain a symmetric algorithm employing a key length exceeding 64 bits; and (e) when necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter's country in order to ascertain compliance with conditions described in paragraphs a. to d. above. 13. In addition to the technical changes, the Wassenaar Arrangement Participating States agreed that the controls on Mass Market goods as defined in sub-paragraph 12 (d) above will remain in effect for two years and that the renewal of such controls for a successive period will require the unanimous consent of the Wassenaar Arrangement Participating States. ADMINISTRATION ... 16. The regulatory changes will not affect the export of cryptographic goods and technologies to the United States. There will continue to be no permit requirements to export cryptographic goods or technologies to the United States. 17. The regulatory changes to Canada's export controls will come into effect in approximately six months. ... 18. As soon as practicable, a General Export Permit will be issued for mass market software employing a symmetric algorithm with a key length not exceeding 128 bits. ... EXPORT PERMIT REQUIREMENTS ... CONTACTS 24. Questions regarding this Notice should be directed to: The Department of Foreign Affairs and International Trade, Export Controls Division, (EPE) 125 Sussex Drive, Ottawa, Ontario, K1A 0G2 Telephone: (613) 996-2387 Facsimile: (613) 996-9933 (c) Department of Foreign Affairs and International Trade, 1998 -----END QUOTE-----