Colin Campbell wrote:
| Can someone illuminate me (and possibly others) on the exportability
| of RC4-based systems.
See www.bxa.doc.gov for the regulations themselves. They explicitly
mention rc2 and rc4 with keylengths of 40 bits or less getting
expidited treatment.
| Here's what I know.
|
| There are several VPN products around using RC4 encryption. In all
| cases the "international" version uses 40-bits and the "domestic"
| 128-bits.
|
| Now my questions:
|
| 1) Is 128-bit RC4 exportable from the US to a gov't/financial body?
Probably not. As I understand it, they're approving to 64,
and not longer for general purpose systems. The special case for a
bank disappeared with the move from State dept to Commerce Dept
control, probably in a political bid to get banks to buy GAKware.
There was never an exception for foriegn governments written into the
law.
112 bit 3des was not exportable to US employees of a US
company operating overseas.
Don't buy in the US. Import what you need, and depriciate it.
| 2) If I have a head office in the US and branch offices elsewhere in
| the world what are the export restrictions?
Buy foriegn is my advice.
| 3) If I have a branch office in the US and I am a gov't body, what
| if any, are the export restrictions?
Are you a US or Foriegn government? If you are thinking about
Australian government stuff, stick it in a diplomatic pouch and move
it as you will. You think the Soviets left their crypto gear in the
US because of some US law?
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
References:
|
|
