Colin Campbell wrote:
| Can someone illuminate me (and possibly others) on the exportability
| of RC4-based systems.
See www.bxa.doc.gov for the regulations themselves. They explicitly
mention rc2 and rc4 with keylengths of 40 bits or less getting
| Here's what I know.
| There are several VPN products around using RC4 encryption. In all
| cases the "international" version uses 40-bits and the "domestic"
| Now my questions:
| 1) Is 128-bit RC4 exportable from the US to a gov't/financial body?
Probably not. As I understand it, they're approving to 64,
and not longer for general purpose systems. The special case for a
bank disappeared with the move from State dept to Commerce Dept
control, probably in a political bid to get banks to buy GAKware.
There was never an exception for foriegn governments written into the
112 bit 3des was not exportable to US employees of a US
company operating overseas.
Don't buy in the US. Import what you need, and depriciate it.
| 2) If I have a head office in the US and branch offices elsewhere in
| the world what are the export restrictions?
Buy foriegn is my advice.
| 3) If I have a branch office in the US and I am a gov't body, what
| if any, are the export restrictions?
Are you a US or Foriegn government? If you are thinking about
Australian government stuff, stick it in a diplomatic pouch and move
it as you will. You think the Soviets left their crypto gear in the
US because of some US law?
"It is seldom that liberty of any kind is lost all at once."