On Mon, Jul 22, 2013 at 07:24:36AM -0400, Michael Poole wrote:
> On Jul 22, 2013 2:30 AM, "Noel Butler" <noel.but...@ausics.net> wrote:
> >
> > On Fri, 2013-07-19 at 08:15 -0400, Michael Poole wrote:
> >
> >>
> >> The only thing that US law has to do with anything is that the US --like
> >> 40 other countries, including most of those already mentioned has
> >> implemented export controls under the Wassenaar Arrangement
> >
> >
> > The Wassenaar Arrangement is that, only an agreement, not being a treaty
> > it is unenforceable by those who don't want to honour it
>
> Maybe true at a national level -- but the same is true of many treaties --
> but absolutely irrelevant at the citizen level. You are subject to your
> country's laws whether they are enacted under, say, the Geneva Conventions,
> the Wassenaar Arrangement, or the Rudd/Gillard Whim.
> >> Everyone else who has mailed on this thread so far is affected
> >> by similar export controls.
> >
> >
> > Complied with by a simple notice on ftp servers, and, funnily enough,
> > inside the package you need to open and read before building, when was the
> > last time you saw such a notice before downloading httpd, or postfix etc
>
> I can't say for sure how the law is interpreted in Australia, but I rather
> suspect it is like the US -- where there must be more significant efforts
> to prevent unauthorized exports. I haven't seen that kind of notice in a
> long time, because laws relaxed after the Wassenaar Arrangement was
> adopted, and now mostly the servers will just refuse to download files to
> IP addresses from NoKo, Iran, etc.
>
> >>
> >> Anyone who feels outraged by "PRISM" type programs should read up on
> >> their own local laws about mandatory key disclosure, lawful intercept
> >> requirements, and the like; US law provides slightly more protections
> >
> >
> > Luckily in Australia, one can not currently be forced to hand over keys,
> > and no intercept may take place without a specific named target in a court
> > order (I used to action such requests for a service provider over here), of
> > course the nannies running the country want to, and this year even tried
> > to, change this to bring in mandatory data retention, but the public outcry
> > and pending federal election has put a, at least temporary, stop on that
> > idea. It's recently been rumoured though that the defence signals
> > directorate (watered down NSA/GCHQ) has of course questionably obtained
> > information from NSA on locals under the "eyes of five" BS
>
> Wikipedia and Electronic Frontiers Australia both disagree with you about
> the requirement to hand over keys in Australia, and both of them cite the
> Cybercrime Act of 2001 as the legislation that requires individuals to
> disclose cryptographic keys or face prison time (even if the disclosure
> would incriminate the person).
>
> Argument by "of course" is not very convincing when it's made by someone
> who shows so little understanding of the things he writes about.
>
> Michael
> _______________________________________________
> Coder-com mailing list
> Coder-com@undernet.org
> http://undernet.sbg.org/mailman/listinfo/coder-com

Hi,

Just thought I'd chime in, as Kev and Entrope know I was looking into adding crypto to ircu... A few times and so on and so forth...

But I always hit a wall in the fact that keys will have to be regenerated and handled in a secure manner - doing all this in a single process without threading was a bit of a show stopper but I also felt that there are way too many corner cases wrt SSL and security. Basically, if I do this and don't do a good job, then we're back to the good old "false sense of security".

However, my plan was to add a special "userflag" to all users connecting using SSL. This userflag would carry over encrypted links but not over cleartext ones. Then you could specify that this channel is "secure" (i.e. no user on a non-secure link or being routed via a non-secure server <-> server link could join the channel).

Anyway, the project was abandoned and the source is lost - if someone hacks up the SSL bit I might start looking into it again.

Oh, and SSL becomes a problem in places like France where all crypto keys should be filed with the government (or has that law been changed?)
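
A small model of the "userflag" idea from the message above, added here as an illustration; it is not the lost ircu patch or any ircu code. The topology, the struct and function names, and the join rule (the flag must survive to every server that already has channel members) are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed sample network (IRC servers form a tree):
 *   hub(0) ==TLS== leafA(1)
 *   hub(0) ==TLS== leafB(2) --cleartext-- leafC(3)
 * parent[s] is the uplink of server s; uplink_tls[s] says if that link is encrypted. */
#define NSERV 4
static const int  parent[NSERV]     = { -1, 0, 0, 2 };
static const bool uplink_tls[NSERV] = { false, true, true, false };

struct user { int server; bool client_tls; };   /* hypothetical model, not ircu's struct */

static int depth(int s) { int d = 0; while (parent[s] >= 0) { s = parent[s]; d++; } return d; }

/* The flag as server `at` sees it: set on an SSL client connection, kept across
 * each encrypted server link, dropped at the first cleartext one. */
bool secure_as_seen_at(const struct user *u, int at)
{
    int a = u->server, b = at;
    bool flag = u->client_tls;
    while (a != b) {                 /* climb from the deeper end to the common ancestor */
        if (depth(a) >= depth(b)) { flag = flag && uplink_tls[a]; a = parent[a]; }
        else                      { flag = flag && uplink_tls[b]; b = parent[b]; }
    }
    return flag;
}

/* Assumed join rule: the user must still carry the flag at every server that
 * already has members of the secure channel. */
bool may_join_secure(const struct user *u, const int *member_servers, int n)
{
    for (int i = 0; i < n; i++)
        if (!secure_as_seen_at(u, member_servers[i])) return false;
    return true;
}

int main(void)
{
    struct user alice = { 1, true };             /* SSL client on leafA */
    int tls_side[] = { 0, 2 }, clear_side[] = { 0, 3 };
    printf("members on hub+leafB: %d\n", may_join_secure(&alice, tls_side, 2));
    printf("members on hub+leafC: %d\n", may_join_secure(&alice, clear_side, 2));
    return 0;
}
```

The same SSL user is "secure" at some servers and not at others, so whether a join is allowed depends on where the channel's members already sit.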