On Tue, 21 Sep 1999, Roger Bodén (QTX) wrote:

> I'm currently looking into the export/import issues around
> cryptography in general and SSL in particular. Below I state my
> present conclusions and raise a few questions. It would be very
> interesting to hear about IAIK's position in this matter, and also to
> hear what conclusions other users of IAIK-JCE and iSaSiLk have come
> to.
> As far as I understand it, the IAIK-JCE and the iSaSiLk products have
> been developed outside the US in their entirety without the involvement
> of any American citizens. Thus American legislation does not need to
> be considered when using these products as components in your own
> product.

This is not the problem. The U.S. doesn't care about percentage costs,
components or amount of American code the product is dependent upon.

It doesn't even matter if US products CONTAIN encryption code. The keyword
is *USE*. Our product, a Secure CORBA ORB, uses different toolkits which
we don't supply. However, our product is currently under export
restriction, and there isn't a stitch of crypto code in it. However,
somebody can buy our product, stick in a foreign toolkit, like IAIK, and
poof! They have secure communication with strong encryption.

We are now actually involved in the process of crippling our product so
that it can only use the exportable features of foreign toolkits. It's a
funny thing trying to cripple a product that is an open-source (but not
free) product.


