Say you've implemented a bunch of crypto on your web page via Javascript.
Someone in North Korea (or Iran, or one of the other export-restricted
nations) visits your site.
You've now exported crypto to a restricted country. What happens next?
Peter.
On Sun, Mar 3, 2013 at 1:39 AM, Peter Gutmann pgut...@cs.auckland.ac.nz wrote:
Say you've implemented a bunch of crypto on your web page via Javascript.
Someone in North Korea (or Iran, or one of the other export-restricted
nations) visits your site.
You've now exported crypto to a
You've now exported crypto to a restricted country. What happens next?
repl{physicist,
javascripter,
In some sort of crude sense, which no vulgarity, no humor, no
overstatement can quite extinguish, the physicists have known sin; and this is
a knowledge which they cannot lose.
You've now exported crypto to a restricted country. What happens next?
You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
--Paul Hoffman
___
cryptography mailing list
cryptography@randombit.net
Paul Hoffman paul.hoff...@vpnc.org writes:
You've now exported crypto to a restricted country. What happens next?
You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
Have you tried asking a lawyer or legislator? Would you say the look you got
in response was more
The entire idea that such countries don't have strong crypto because of the
export restrictions is goofy.
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Hi All,
In Jesse Walker's slide on Requirements for random number generators
(https://crypto.stanford.edu/RealWorldCrypto/slides/jesse.pdf), Walker
provides a simple gatherer on slide 10:
unsigned before, after, entropy;
before = read_TSC();
usleep(0);
after = read_TSC();
entropy = (after –
On 03/03/2013 11:34 AM, Paul Hoffman wrote:
You've now exported crypto to a restricted country. What happens next?
You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
+1
As someone who personally reviewed hundreds of pages of EAR rules,
applied for and received
On Sun, Mar 3, 2013 at 3:18 PM, Arshad Noor arshad.n...@strongauth.com wrote:
On 03/03/2013 11:34 AM, Paul Hoffman wrote:
You've now exported crypto to a restricted country. What happens next?
You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
+1
As someone who
On Sun, Mar 3, 2013 at 3:30 PM, Jeffrey Walton noloa...@gmail.com wrote:
In Jesse Walker's slide on Requirements for random number generators
(https://crypto.stanford.edu/RealWorldCrypto/slides/jesse.pdf), Walker
provides a simple gatherer on slide 10:
unsigned before, after, entropy;
On Sun, Mar 3, 2013 at 4:11 PM, Stephan Neuhaus
stephan.neuh...@tik.ee.ethz.ch wrote:
On Mar 3, 2013, at 21:30, Jeffrey Walton wrote:
What does it mean to be an AR(1) process?
A sequence X(n) of real numbers (integer n = 0) describes an AR(1) process
if X(n+1) = aX(n) + b + epsilon(n),
On Sun, Mar 3, 2013 at 4:15 PM, Sandy Harris sandyinch...@gmail.com wrote:
On Sun, Mar 3, 2013 at 3:30 PM, Jeffrey Walton noloa...@gmail.com wrote:
In Jesse Walker's slide on Requirements for random number generators
(https://crypto.stanford.edu/RealWorldCrypto/slides/jesse.pdf), Walker
On 03/03/2013 01:41 PM, Adam Back wrote:
Dont tell me you still think you need permission to export RSA in perl to
non-embargoed entities:
Open-source crypto that is downloadable from public-sites has a special
designation in the EAR; you only need to notify the BIS and provide the
download
On Sun, Mar 3, 2013 at 4:41 PM, Adam Back a...@cypherspace.org wrote:
Unless you're selling SSL MITM boxes to tyrants dictators, then of course
its alright ;) Well maybe they'll turn a blind eye if the West is propping
up that particular tyrant until they flip flop.
Anyway wasnt all that US
The realism of export restricting open source software is utterly ludicrous.
Any self-declaration click-through someone might implement can be clicked
through by anyone, from anywhere, and I presume someone from an embargoed
country is more worried about their own countries laws than US laws, to
On 2013-03-04 8:48 AM, Jeffrey Walton wrote:
Little folks like me have to play by the rules, or risk getting the
Schwartz treatment from folks like Steve Heymann and Carmen Ortiz.
No, we don't have to play by these rules, which our rulers have pretty
much forgotten about.
Swartz penetrated
It is a good thing that Swartz killed himself, like his hero Wallace.
Both of them needed killing.
This is the stupidest thing I have read in a long time. Shut the fuck up.
It is Jewish leftists like Rahm Israel Emanuel that seek the destruction
of Israel.
Israel is disliked in most countries
On 3/2/13 4:12 AM, ianG wrote:
This one had the talk written out, which makes it a top talk in just
that alone:
things that bit us, things we fixed and
things that are waiting in the grass [slides]
Adam Langley (Google)
On 2013-03-04 11:09 AM, Patrick Mylund Nielsen wrote:
Say what you will about the semi-morbid posthumous inflation of Aaron
Swartz contributions and stature, but don't pretend to know what he
thought
I know what Wallace thought and Wallace was evil, insane, and suicidal.
Swartz described
On Sun, Mar 3, 2013 at 12:29 PM, Open eSignForms yoz...@gmail.com wrote:
The entire idea that such countries don't have strong crypto because of the
export restrictions is goofy.
this can be shorted to: export restrictions [are] goofy
in the last decade the crypto export hassles i have
On 2013-03-04 8:10 AM, Arshad Noor wrote:
I also agree that all this seems irrelevant considering that everyone
has access to strong crypto in one form or another; but, even a stupid
law is still the law.
Much though we long for the glory days when cypherpunks actually were a
persecuted
On 4/03/13 06:05 AM, Patrick Pelletier wrote:
On 3/2/13 4:12 AM, ianG wrote:
This one had the talk written out, which makes it a top talk in just
that alone:
things that bit us, things we fixed and
things that are waiting in the grass [slides]
Adam Langley (Google)
Hi,
Can anyone enlighten me why client TLS certificates are used so rarely? It
used to be a hassle in the past, but now at least the major browsers offer
quite decent client cert support, and seeing how most people struggle with
passwords, I don't see why client certs could not be beneficial even
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mar 3, 2013, at 7:05 PM, Patrick Pelletier c...@funwithsoftware.org wrote:
This article surprised me, because it could almost be read as an argument
against AES (or even against block ciphers in general). Which seems to
contradict the
24 matches
Mail list logo