Mr. Williams,
I assume that you will receive various answers to your flame, probably
including one from Steve Crocker or Dave Balenson at TIS, and possibly from
Steve Kent who chairs the PEM WG of the IETF. However, they might not reply
until the end of the week. Everyone here is busy attending the National
Computer Security Conference this week.
Meanwhile, as a member of the PSRG from the beginning, let me simply say
that you are preaching to the choir. We have have anxious to field PEM
literally for YEARS now. The most recent reference implementation
developed at TIS with DARPA support IS being fielded. In fact, we just
installed it here at MITRE last week. However, surely you understand that
in your case, there is a small matter of the 18-nation COCOM agreement on
technology export, and its implementation is U.S. law (and, I assume, U.K.
law). A PEM UA falls into the categories where an export license usually
is *NOT* granted. I have attached a summary of the US export situation
that was prepared by Steve Crocker for the last IETF meeting. (He is the
Area Director for Security for the IETF.)
Kent and Crocker, or possibly Steve Wilbur at UCL, may be able to fill you
in on what I though was an effort to transfer a copy of PEM through the
U.S. Government to John Laws.
Subject: Documentation of export rules (typo fixed)
Date: Sun, 26 Jul 92 17:45:33 -0400
From: Stephen D Crocker <crocker(_at_)TIS(_dot_)COM>
Folks,
As most of you have seen, I whipped up a crib sheet on the rules
governing export of cryptographic products from the U.S. I've now
transformed that crib sheet into an ASCII to make it easy to send
around the net IT's attached below for your review and comment.
Ideally, this ought to be part of a larger document which covers the
basic concepts and rules. (This has been a back-burner work item
within the SAAG for man moons.)
Interest in this topic is heating up. At the last IETF meeting, Phill
Gross asked for a plenary presentation on all of this at the next IETF
meeting. since the IETF meeting will be in D.C. in November, we may
be able to have some expert from the government give the talk;
otherwise one of us can present it.
I've put together a brief mailing list of people who should
participate in this discussion. We can expand it to a full-scale
mailing list if we want, or we can keep it focused. My primary aim is
the accumulate an accurate picture of what the rules are; I'm *not*
interested, at least in this forum, in protracted discussion on the
merits of these rules.
Thanks,
Steve
+-------------------------------------+-------------------------------+
| Steve Crocker | Voice: 301-854-6889 |
| Trusted Information Systems | FAX: 301-854-5363 |
| 3060 Washington Road |-------------------------------|
| Glenwood, MD 21738 | Internet: crocker(_at_)tis(_dot_)com
|
+-------------------------------------+-------------------------------+
Summary of Export Rules for Products
Containing Cryptographic Functions
Stephen D. Crocker
July 26, 1992
For use within/by
Security Algorithm U.S. & Banks & All
Service Used Canada U.S. Subs Other
Integrity, RSA A C C
Signature &
Access Ctl DES A C C
Other A C C
Symmetric
Key RSA B F F
Management
DES B E E
Other B E E
Symmetric
Encryption RSA B G G
DES B D G
Other B F F
Symmetric
Key
A No restriction.
B No restriction. A label is recommend which warns that export of
the product requires a license.
C A license is required. A general Commerce Department commodity
license is available except for shipments to Eastern bloc
countries. Individual licenses are needed for shipment to Eastern
bloc countries and are generally granted.
D A State Department license is required and will generally be
granted.
E An export license is needed. Each application will be examined on
a case-by-case basis. For some products, a Commerce Department
commodity license may be available.
F An export license is required and is generally granted provided
the modulus does not exceed 512 bits.
G An export license is required and generally will NOT be granted.
Regards, -Rob-
Robert W. Shirey, The MITRE Corporation, Mail Stop Z202
7525 Colshire Dr., McLean, Virginia 22102-3481 USA
shirey(_at_)mitre(_dot_)org * tel 703-883-7210 * fax 703-883-1397