I believe Brent is right. You can have calls to encryption code in your
software, and you can encrypt things, but in the export policy world, the twain
may never meet. There must be stub/null routines on the other end of the calls
to encryption routines, and there must be no way to pass arbitrary text to the
excryption engine.
Mark
lavondes @
tidtest .
total .
fr (Michel Lavondes) writes:
# I don't think it's DES, since they can (and do) export it, but from what they
# told me, you guessed right about the rest.
To which Brent Chapman replies:
They could still be using DES. My understanding is that the export
restrictions on DES prohibit exporting general-purpose
encryption/decryption systems (i.e., systems that can be used to
encrypt/decrypt arbitrary input). Embedded uses of DES, such as how
the SecureID system supposedly uses it, are exempt, because you can't
use them to encrypt/decrypt arbitrary input.
-Brent
--
Brent Chapman | Great Circle Associates | Call or email for info about
Brent @
GreatCircle .
COM | 1057 West Dana Street | upcoming Internet Security
+1 415 962 0841 | Mountain View, CA 94041 | Firewalls Tutorial dates
|
|
