---------- Forwarded message ---------- Sender: [EMAIL PROTECTED] Subject: Canadian Export Controls on Crypto from DFAIT Date: Wed, 6 Jan 1999 20:11:28 -0400 (AST) To: [EMAIL PROTECTED] From: M Taylor <[EMAIL PROTECTED]> <http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-e.htm> Export Controls on Cryptographic Goods SER-113 <http://www.dfait-maeci.gc.ca/~eicb/notices/ser113-f.htm> Contr�les � l'exportation sur les produits de cryptographie I found this recently, published Jan 5 1999 by the Department of Foreign Affairs and International Trade (DFAIT). Most of it was expected, most of it is good. The only confusion, which I'd like to see cleared up, is in regards to the changes to Mass-Market Software. At first it seems a step backwards; 64bit symmetric, 512bit RSA, 512bit DH over Z/pZ, 112bit DH over elliptic curve, but there is either a typo or hope for 128-bit symmetric algorithm encryption be covered by a General Export Permit, which might at least make 128-bit mass-market easily exported to many (US,EU,AU,NZ, ??) countries. With these changes I expect Entrust, Certicom, ZKS and others won't be moving their cryptographic development outside Canada as fast as they would under the US's December announcement. Expect 'mirroring' foreign offices to continue. I think that if it had not been for Industry Canada's development of a Canadian Cryptography Policy <http://strategis.ic.gc.ca/SSG/cy00001e.html> in 1998, the changes would of been far more instep with US's requests. Canadians are a private people, and Industry Canada has argued that E-commerce will not become a reality in Canada without an infrastructure of cryptographic strong hardware and software. I will continue to freely export software under the exemption for "in the public domain" software. -mctaylor -----BEGIN QUOTE----- EXPORT CONTROLS ON CRYPTOGRAPHIC GOODS Date: December 23, 1998 PURPOSE ... GENERAL ... CANADIAN POLICY ... WASSENAAR ARRANGEMENT ... LIBERALIZATIONS: 10. The Wassenaar Arrangement Participating States agreed to remove from control: ... (e) goods employing a symmetric algorithm with a key length of 56 bits or less; (f) goods employing an asymmetric algorithm where the security of the algorithm is based on any of the following: (i) factorisation of integers not greater than 512 bits (e.g. RSA); (ii) computation of discrete logarithms in a multiplicative group of a finite field of size not greater than 512 bits (e.g.Diffie-Hellman over Z/pZ); and (iii) discrete logarithms in a group other than mentioned in (ii) above and not greater than 112 bits (e.g. Diffie-Hellman over an elliptic curve). ... 11. In addition, the Wassenaar Arrangement Participating States agreed: ... (b) to maintain the existing exemption for software "in the public domain". PROPOSED EXPORT CONTROL LIST CHANGES: 12. The Wassenaar Arrangement Participating States agreed to replace Entry 1 of the General Software Note for Mass Market Cryptographic Software with a Cryptography Note applicable to both hardware and software goods that meet all of the following: (a) generally available to the public by being sold, without restriction, from stock at retail selling points by means of any of the following: (i) over-the-counter transactions; (ii) mail order transactions; (iii) electronic transactions; or (iv) telephone call transactions (b) the cryptographic functionality cannot easily be changed by the user; (c) designed for installation by the user without further substantial support by the supplier; (d) does not contain a symmetric algorithm employing a key length exceeding 64 bits; and (e) when necessary, details of the items are accessible and will be provided, upon request, to the appropriate authority in the exporter's country in order to ascertain compliance with conditions described in paragraphs a. to d. above. 13. In addition to the technical changes, the Wassenaar Arrangement Participating States agreed that the controls on Mass Market goods as defined in sub-paragraph 12 (d) above will remain in effect for two years and that the renewal of such controls for a successive period will require the unanimous consent of the Wassenaar Arrangement Participating States. ADMINISTRATION ... 18. As soon as practicable, a General Export Permit will be issued for mass market software employing a symmetric algorithm with a key length not exceeding 128 bits. ... EXPORT PERMIT REQUIREMENTS ... CONTACTS ... -----END QUOTE-----
