Sorry if this is not directly fw related (it sure does relate to one
fw system at my site...). This is a copy of a post to comp.security.misc.
Dear Security and (DES) encryption politics and export rules specialists:
Our network group has just begun testing a new ZyXEL ISDN capable modem,
the "ZyXEL Elite 2864I". According to the local distributor, this modem
supports _data_ encryption using 112 bit DES technology.
We are a Swedish company, and thus subject to the not so very liberal
US export restrictions for cryptographic "stuff"(?). Or so I thought.
The local distributor for the ZyXEL modem can only forward questions to
ZyXEL corporation. Thus without having a direct line to the ZyXEL corp.,
I have received following answer to my question about how (if they really)
they can export DES based data encryption.
> Federal Information Processing Standards are issued by the National Bureau
> of Standards pursuant to the Federal Property and Administrative Services
> Act of 1949, as amended, Public Law 89-306(79 stat 1127). Excutive Order
> 11717 (38 FR 12315, dated May ,1, 1973) and Part 6 of Title 15 Code of
> Federal Regulations(CFR).
> Name of Standard: Data Encryption Standard (DES).
> Patents: Crytographic devices implementing this standard may be covered by
> U.S. and foreign patents issued to the International Business Machines
> Corporation. However, IBM has granted nonexclusive, royalty-free licenses
> under the patents to make, use and sell apparatus which complies with the
> standard. The terms, conditions and scope of the licenses are set out in
> notices published in the May 13, 1975 and August 31, 1976 issue of the
> Official Gazette of the United State Patent and Trademark Office (934 O. G.
> 452 and 949 O. G. 1717).
> If you need more information about these document above, please check with
> librarian who will help you a lot.
The local distributor reads this as "well, DES is in the public domain, how
nice". I read this as ZyXEL answered someone else's question....
I will of course follow this up with the local distributor, and thus with
ZyXEL. The reason for my posting/mailing this here, is that I feel I need
an external opinion.
My questions now are mainly:
(1) Is it possible for a large US company to export products using DES
data encryption? I mean even if they get a "non-USA DES" can they
export products including this?
(2) Is anyone familiar with the modem in question (2864I), and know if
it really provides DES data encryption?
(3) Where should I have posted this.
Thanks in advance, for any pointers!,
Systems Integration and Security
Ericsson Microwave Systems AB, Molndal, Sweden