"David R. Conrad" <[EMAIL PROTECTED]> writes:
>It appears that the definition of whether authentication code is exportable or
>not now depends on whether BXA (NSA) feels the code can be "easily" converted
>to encryption uses.
Just as a data point, this morning I got a copy of NIST's reference PKI
implementation (MISPC) which contains (signature-only) crypto code. The PKI
stuff is in source form, the signature component is supplied as a Windows DLL.
I don't know what key sizes it'll handle (I have to get to a Windows machine
first), but going by the MISPC guidelines it should do 1K keys. The paperwork
included indicates that it went through the full export approval process,
taking more than six months from filing to approval (the shipper's export
declaration is a copy of a fax dated 3 September 1998, the shipping date is 12
March 1999, looks like the BXA could give NZ's Ministry of Foreign Affairs and
Trade a run for their money :-). Actually I'm not sure whether it really took
that long, maybe that was just the date the original form was faxed... in any
case it looks like NIST is being forced to jump all the export hurdles, even
for something which would be almost impossible to convert for encryption use
(you could probably write an implementation from scratch faster than you could
patch extra code into the binary to make it do encryption).
Peter.