Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: Notesfiles; site ucbtopaz.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!sdcsvax!sdcrdcf!hplabs!hpisla!hplvla!ucbtopaz!newton2
From: newton2@ucbtopaz.UUCP (newton2)
Newsgroups: net.crypt
Subject: Re: Re: Xenix & crypt (fairly LONG)
Message-ID: <878@ucbtopaz.UUCP>
Date: Thu, 4-Apr-85 12:30:00 EST
Article-I.D.: ucbtopaz.878
Posted: Thu Apr  4 12:30:00 1985
Date-Received: Sun, 14-Apr-85 03:56:26 EST
References: <134@mot.UUCP>
Organization: Hewlett-Packard
Lines: 35

Based on my continuing embroilment with NSA and the Dept. of Commerce
on the issue of exporting crypto devices (voice security) here's how
I understand their position:

DES may NOT be exported except for certain specified purposes, which I
believe encompass banking, financial transaction and possibly point-of-
sale terminals. Please don't tax ME me the Carrollian logic thAT SEEMS TO
(whoops- accidental caps lock) underlie this "policy". RSA is exportable
"for key exchange but not for encryption applications" they seem to be
worried about implementations that are capable enough for crypt purposes,
but I can't really be sure. When you say that DES flourishes on both sides of
the water, your customers might want to use it and they appear to be forcing
you to export code with a DES-shaped hole in it together with Brer rabbit-type
instructions not under any circumstances to path DES into that briar patch,
they (NSA) just shrug and say there's more things in COMSEC heaven and
earth than are dream't of in my philosophy. I really and truly don't
understand what they want or are up to WRT to this DES stuff- it just
hurts American companies, as far as I can tell, since there's no dearth of
skill and security consciousness elsewhere, based on my recent travels
in Europe. By the way, regarding the ITAR restrictions on crypto devices
exported from/to USA, I THINK that their are essentially no restrictions
onm USA exports to Canada (although of course Canada is depended upon to
reliably manage controls on the re-export of equipt. to third countries.

By the way, let me repeat here an apparently VAX-aborted appeal for info
on the key-management scheme to be used in NSA's multi-gigabuck secure
telephone project. NY Time sdescribe two (classified and civilian)
key management centers and a vaguely defined proces of key-insertion
at machine birth. What then? RSA? Please, someone, a comprehensive posting
pronto-- I an't keep getting my information on cryptography from the National
Enquirer!
Thanks,

Doug Maisel 415 548-4858
 ucbvax!ucbtopaz!newton2