Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!tut.cis.ohio-state.edu!att!dptg!ulysses!andante!alice!dmr
From: dmr@alice.att.com (test)
Newsgroups: comp.unix.questions
Subject: Re: Unix software and USSR
Message-ID: <11394@alice.att.com>
Date: 27 Sep 90 05:56:12 GMT
Organization: AT&T Bell Laboratories, Murray Hill NJ
Lines: 55

Most people including me don't understand the regulations well. Here are some facts, but please don't take them as comprehending the rules.

1) The DES algorithm itself as used to encrypt passwords was never subject to embargo and was regularly shipped overseas without special license, and if the source was included, libc/gen/crypt.c was there.

2) crypt(1) and the 'encrypt' entry point in crypt(3)--as opposed to the 'crypt' entry point used for passwords--were removed from overseas distribution. The distinction was fine. Approximately, the one-way character of the password mechanism did not fall within the protected area, whereas the ability of both crypt(1) and the general DES encode-decode to produce secret messages put them in the category of things that needed licences for export. Note that DES was not treated specially here-- crypt(1) is not DES, for example. (Though doubtless any mention of 'DES' served as a flag to the watchful.)

3) The new piece of information is that USL has announced that these two programs are no longer subject to this restriction and USL will no longer need to distinguish 'foreign' and domestic distributions.

4) I know only a few details of official source licensing of Unix software outside the US, but it is worth noting that this sort of thing is not all-or-nothing and various considerations apply. In some cases export licenses may be needed, and the question is how easy they are to get. (In the 'crypt' case for example licenses were the crucial thing, and the issue was that although they were not impossible in principle, they were just too much of a pain).

Sometimes it is not the US government that is involved. There are several countries whose own laws or policies caused AT&T to avoid source distribution not because of ideology, but because they did not recognize the notion of 'trade secret' in a way considered acceptable to AT&T.

5) Two tidbits. For some years now, it has been possible for institutions in the PRC to get a Unix source license, but the real problem for them has been the lack of hard currency to buy them. As a semi-independent fact, I learned that a group in the Chinese Academy of Sciences took a binary distribution of some version of Unix and reverse-engineered the object files so as to make them produce messages and diagnostics in Chinese.

I have been told that the fastest way for one of the universities in Finland (Helsinki? Tampere?) to get the BSD 4.x (for some x) distribution was to have their friends in Leningrad send them the tape. I know no more. I trust this is apocryphal, but it's cute.

	Dennis