On Tue, 11 Jul 1995 17:29:52 EDT, Steve Gaarder <gaarder @
actech .
com> wrote:
We would like to be able to use encryption to pass traffic for specific
applications (e.g. http) over the Internet between our headquarters in
the USA and our offices in other countries. I have found a number of
firewall products that provide encrypted connections, but the [insert
standard flame here] US government ban on exporting crypto rears its
ugly head.
I see two options:
1. Do it myself. This doesn't *look* too scary; I don't need fancy key
management, just basic secret-key encryption. I could modify, say,
plug-gw to call encryption routines. If I then get my encryption code
from outside the US (that seems to be no problem) I won't have to export
it to install it overseas. Any comments on this?
DON'T. If you do this, you are STILL in violation of the ITAR. The act of
posting your message might be enough to get you prosecuted for conspiracy as
well. You cannot ship either cryptographic products, or products with a
"cryptography ready socket" out of the (lower 48 states) USA or Canada without
an export lisence. If you don't think that the Export Control Office is
serious about this, ask Phil Zimmerman.
2. Find an encryption product available outside the US, probably one
*made* outside the US. Does anyone know of such a beast?
This will work. I was in Rappersweil, Switzerland in April for the Rappersweil
Networking Forum meeting. There were a number of Swiss vendors there with
big banners saying "Crytpography: Made in Switzerland" (I was probably the
only non-german speaker there, but the banner was in english. Go fig.)
I can't remember any companies, and can't vouch for the quality of their
products, but I'd be seriously surprised if a swiss company provided crypto
that didn't have IDEA.
You have another alternative:
3. If your company is at least 51% US (or Canadian) owned, you can apply for
an export lisence for your company's use. My experience is that these are
always granted. Note that you'll have to take care of any lisencing that is
required in the country of use (for example, you need a lisence to use crypto
within France).
In my book, both #2 and #3 beat #1 (going to jail).
--
- Ted
--------------------------------------------------------------------------
Ted Doty, Network Systems Corporation | phone: +1 301 596-2270
8965 Guilford Road, Suite 250 | fax: +1 410 381-3320
Columbia, MD, 21046 USA | voice mail: (800) 233-1485
--------------------------------------------------------------------------
The opinion expressed in this message is fictitious. Any resemblence to
real opinions, living or dead, is purely coincidental.
|
|
