Hello,
Over the past year I was in contact with different cryptographers (I was
designing a new symmetric algorithm) and they all told me in order to publish
it no governmental authorization was needed. They also told me that they
publish paper all the time without having an authorization.
However there is the Wassenaar Arrangement between US, Europe and other
countries that regulate the export and use of cryptography
(http://www.wassenaar.org/introduction/index.html).
The Article 3 of the chapter 2 of the european law says : An authorisation
shall be required for the export of the dual-use items listed in Annex I
(http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:134:0001:0269:en:PDF).
What they consider dual-use items is A ′′symmetric algorithm′′ employing a key
length in excess of 56 bits
(http://www.wassenaar.org/controllists/2012/WA-LIST%20%2812%29%201/08%20-%20WA-LIST%20%2812%29%201%20-%20Cat%205P2.doc).
The department of the ministry of defense that handle this regulation can't
answer if publishing a cryptographic algorithm needs an authorization. However
the Wassenaar Arrangement clearly says that material, software and technology
need an authorization to be exported / published.
What is actually the status of the law about cryptography and publishing new
algorithms ? Is the cryptographer that publish a paper without governmental
authorization an outlaw ?
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
