Re: french crypto regulations relating to personal encryption usage by visitors?
But, having travelled in and out of France for the last decade+ I can categorically state that this has NEVER happened to me nor anyone I know of/have heard of. Neither have I. Nor have crypto laws seem a problem taking a lap top over US borders. So, trying to get an IETF Excemption, Sam, for a non-issue seems like just a way to raise a bunch of flags we don't need raised. Let's let the sleeping (clueless) dogs sleep. I'm amazed about what non-issues are raised everytime the IETF is not meeting in the USA. Real serious issues seem to be waved away. To my opinion, one threat to the international nature of the IETF are the continuous increasing difficulties entering the US. This morning I read in the local papers that starting the 25th of october the Visa-Waiver program will grind to a halt for (most) Europeans. jaap ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
New regulations for US Visa Waiver Programme (was RE: french crypto regulations relating to personal encryption usageby visitors? )
snip Real serious issues seem to be waved away. To my opinion, one threat to the international nature of the IETF are the continuous increasing difficulties entering the US. This morning I read in the local papers that starting the 25th of october the Visa-Waiver program will grind to a halt for (most) Europeans. jaap This depends on whether your passport issuing authority is getting it together with some new requirements for machine readability. See (e.g.) http://stockholm.usembassy.gov/Consulate/mr_passports.html Summarizing: if you get a new passport on or after 26 Oct 2005, the Visa Waiver Program will only apply if the passport includes machine readable biometric data embedded in a 'contactless' chip (facial recognition data apparently). This doesn't apply if your passport is already machine readable (ie. Most current European passports) and is issued before 26 Oct 2005. Otherwise you will need to go through the hassle of getting a visa. The last paragraph of the web page above indicates that 'several' European governments won't be ready by 26 Oct. So if your passport which previously gave you access to the VWP is close to expiry (or like mine getting close to full) it might be good to renew it before the critical date. Given the current level of paranoia and the extreme politics of fear which the US government is currently using to justify its actions, it is unclear how long it will be before non-biometric passports will be totally disallowed, but getting a new passport soon could give you a few extra months of lower hassle. It will be interesting (but doubtless frustrating) to see what this does to US immigration throughput when it is introduced. Regards, Elwyn ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
Jaap == Jaap Akkerhuis [EMAIL PROTECTED] writes: Jaap I'm amazed about what non-issues are raised everytime the Jaap IETF is not meeting in the USA. I think there is some bias on both sides. The US folks would love to show that either the rest of the world is as bad as the US or there are problems having IETF meetings elsewhere so we should have them in the US so it is nice and cheap for the US attendies. Similarly the rest of the world would like to show that we should have the meetings closer to them. This creates a lot of FUD on both sides. Also, most of us are engineers. We'd like to know that what we are doing is absolutely legal. We don't want to know that if some customs agent really wants to make our life difficult they could and it would be hard for us. Your trip will be safe unless you manage to make someone at the airport hate you, is not as reassuring as our algorithm has been proved correct. Some of the people ar actually concerned about the issues they bring up. Some people, are just interested in confirming there is no problem. Let's try and reduce the pro-US and anti-US FUD. In particular let's try and stick to facts and accept that it is the practical reality that matters, not the worst possible thing that could happen if a country decided to enforce its most draconian laws. Whenever people spread FUD on either side it makes me discount their statements. That's bad. It means that if there is a real problem it will take longer to recognize it. Useful facts would be information about people who have had trouble getting to an IETF meeting. This is probably not the right list and this is certainly not the right thread, but someone should be collecting that information so we can act on it and make *informed* judgements about where to hold our meetings. Meanwhile I'll mock every country's laws and try to do so equally; they all seem deserving. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: New regulations for US Visa Waiver Programme (was RE: french crypto regulations relating to personal encryption usageby visitors? )
Real serious issues seem to be waved away. To my opinion, one threat to the international nature of the IETF are the continuous increasing difficulties entering the US. This morning I read in the local papers that starting the 25th of october the Visa-Waiver program will grind to a halt for (most) Europeans. jaap This depends on whether your passport issuing authority is getting it together with some new requirements for machine readability. See (e.g.) http://stockholm.usembassy.gov/Consulate/mr_passports.html Summarizing: if you get a new passport on or after 26 Oct 2005, the Visa Waiver Program will only apply if the passport includes machine readable biometric data embedded in a 'contactless' chip (facial recognition data apparently). Since I get more private reactions, let me paraphrase the article: --- Dutch travellers need a a visum after the 25th of October. The US Congres doesn't want to delay requirements for digital fingerprints in european passports. This is the reaction in a letter from Jameson Sensenbrenner, chair of the relevant comittee in the US Congres to the Euro commisioner Fratini (Justice). ``The concern about the weak border control of the US will make an extra delay difficult''. European passports will only in 2008 be fulfill the requirements. It will be difficult for the US authorities to prcess th visa for the 13 million people which now are under the Visa Waiver program. --- This doesn't apply if your passport is already machine readable (ie. Most current European passports) and is issued before 26 Oct 2005. Well, I'm not sure how to read the following in the VisaWaferProgram side (http://travel.state.gov/visa/temp/without/without_1990.html). It states: Biometric Passports - President Bush signed legislation, which delays until October 26, 2005 the requirement for Visa Waiver Program (VWP) countries to include biometrics in their passports. The Department of Homeland Security now enrolls Visa Waiver Program travelers in the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program at all airports and seaports. To read more, select News Release and Fact Sheet . Seems that after 26/10/2005 (that's 10/25/2005 for americans :-)), you need a ``biometric enabled passport''. jaap ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: New regulations for US Visa Waiver Programme (was RE: frenchcrypto regulations relating to personal encryption usagebyvisitors? )
A bit more input on this subject... It appears that (as one could have predicted) trying to get this piece of universal technology in place in 10 years is going to be difficult. It appears that there is a limited agreement on content (actually a digitized mugshot) but very little on the nature of the chip. Security and interoperability are big problems (surpise, surprise) and the privacy lobbies on both sides of the Atlantic are having a field day. Diplomatic negotiations are ongoing to postpone the requirement (till mid-2006) but it sounds like there are several entrenched positions around this and whether there will be a universal standard implemented by then is a very moot point. See http://www.theregister.co.uk/2005/04/01/eu_bio_passport_delay/ Still, I think I might get my passport refreshed before October. Maybe the IETF could help;-) Elwyn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Akkerhuis Sent: 02 April 2005 14:37 To: 'IETF Discussion' Subject: Re: New regulations for US Visa Waiver Programme (was RE: frenchcrypto regulations relating to personal encryption usagebyvisitors? ) Real serious issues seem to be waved away. To my opinion, one threat to the international nature of the IETF are the continuous increasing difficulties entering the US. This morning I read in the local papers that starting the 25th of october the Visa-Waiver program will grind to a halt for (most) Europeans. jaap This depends on whether your passport issuing authority is getting it together with some new requirements for machine readability. See (e.g.) http://stockholm.usembassy.gov/Consulate/mr_passports.html Summarizing: if you get a new passport on or after 26 Oct 2005, the Visa Waiver Program will only apply if the passport includes machine readable biometric data embedded in a 'contactless' chip (facial recognition data apparently). Since I get more private reactions, let me paraphrase the article: --- Dutch travellers need a a visum after the 25th of October. The US Congres doesn't want to delay requirements for digital fingerprints in european passports. This is the reaction in a letter from Jameson Sensenbrenner, chair of the relevant comittee in the US Congres to the Euro commisioner Fratini (Justice). ``The concern about the weak border control of the US will make an extra delay difficult''. European passports will only in 2008 be fulfill the requirements. It will be difficult for the US authorities to prcess th visa for the 13 million people which now are under the Visa Waiver program. --- This doesn't apply if your passport is already machine readable (ie. Most current European passports) and is issued before 26 Oct 2005. Well, I'm not sure how to read the following in the VisaWaferProgram side (http://travel.state.gov/visa/temp/without/without_1990.html). It states: Biometric Passports - President Bush signed legislation, which delays until October 26, 2005 the requirement for Visa Waiver Program (VWP) countries to include biometrics in their passports. The Department of Homeland Security now enrolls Visa Waiver Program travelers in the U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) program at all airports and seaports. To read more, select News Release and Fact Sheet . Seems that after 26/10/2005 (that's 10/25/2005 for americans :-)), you need a ``biometric enabled passport''. jaap ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: New regulations for US Visa Waiver Programme (was RE: french crypto regulations relating to personal encryption usageby visitors? )
At 15:37 02/04/2005, Jaap Akkerhuis wrote: This is the reaction in a letter from Jameson Sensenbrenner, chair of the relevant comittee in the US Congres to the Euro commisioner Fratini (Justice). ``The concern about the weak border control of the US will make an extra delay difficult''. [...] Biometric Passports - President Bush signed legislation, which delays until October 26, 2005 This is not the first time that this program has been delayed. Originally the biometric requirement was supposed to come into effect in 2004. Given that it is still 6 months before the deadline, I would not be suprised if the US and EU discussed this issue for a few more months, then postponed it again. (And we nicely postponed the problem by having the fall IETF outside the US :-) Henk -- Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.amsterdamned.org/~henk P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The NetherlandsThe NetherlandsMobile: +31.6.55861746 -- Look here junior, don't you be so happy. And for Heaven's sake, don't you be so sad. (Tom Verlaine) ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
Sam Hartman [EMAIL PROTECTED] writes: Jaap == Jaap Akkerhuis [EMAIL PROTECTED] writes: Jaap I'm amazed about what non-issues are raised everytime the Jaap IETF is not meeting in the USA. I think there is some bias on both sides. The US folks would love to show that either the rest of the world is as bad as the US or there are problems having IETF meetings elsewhere so we should have them in the US so it is nice and cheap for the US attendies. FWIW, the strategy I advise for Americans in this situation is to push for meetings in Canada. The parts of Canada where meetings actually get held are generally fairly close to the US border and you don't get the anti-US responses. -Ekr ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: Last Call: 'Media Type Specifications and Registration Procedures' to BCP
On Fri April 1 2005 12:02, Ned Freed wrote: FWIW, I have every intention of incorporating your comments on message/partial into the next revision of the base MIME specification. I like to think we a reasonable job overall on the initial set of security considerations, but this is one we clearly missed. As I mentioned to you and Nat, I think RFC 1344 covers the relevant message/partial issues; unfortunately it hasn't been kept up-to-date with the rest of the MIME RFCs, and has merely Informational status. It very obviously has been ignored by developers, at the peril of those developers' customers and the Internet at large. My comments to you and Nat the following day regarding general MIME security issues I believe addresses issues that have not yet been covered in any MIME- related RFCs. And I'm confident that the issues will be addressed in due course. However my concern about the registration/commentary mechanism remains that there does not appear to be a lightweight mechanism for registering commentary on media type registrations issued as RFCs (2046 isn't a single type registration per se, and represents an unusual case that probably isn't worth fussing over w.r.t. the draft under discussion). For example, consider the potential problems that might arise if the application/msword registration had been in an RFC [it is not, but my reading of section 3.1 of the draft under discussion is that if it weren't grandfathered it would have to be an RFC]; as I see it there would be two possible approaches to adding security issues comments: 1. issue a separate RFC addressing only the security issues, requesting that the RFC Editor note that it updates the original RFC. Even with such a note, that later RFC would likely be ignored by many developers (as many have ignored 2231, which updates 2045; as many have ignored updates to 821/822, leading to consolidation in 2821 and 2822 via DRUMS). [medium-weight, low-visibility mechanism] 2. issue a new RFC obsoleting the old one, and incorporating the entire media type registration. In the case of application/msword, I doubt that the specification by example would pass muster in a new registration, and there are a number of new registration template items that would have to be added. Somebody who wishes to note security considerations (or e.g. to note a new value for the version parameter) shouldn't have to jump through a lot of hoops to do so. [heavy-weight, high-visibility mechanism] Either type of RFC would take a minimum of 6 weeks for a mere peon such as me (2-week types review plus 4 week Last Call period) [according to RFC 2026, the IESG can request a variance (sect. 9.1), but such a variance itself would require a Last Call of at least 4 weeks, so that would result in a longer overall process!], and in the case of security considerations in particular, such a delay might be inadvisable. An IETF WG could rush through an RFC with a 2 week Last Call; maybe the media types review panel (http://www.iana.org/numbers.html#M under Multipurpose Internet Mail Extensions (MIME) Media Types) should be an IETF WG so as to be able to take advantage of that. [maybe IANA is wrong about a panel, as I don't see that in the draft under discussion] As I wrote earlier, I don't have a specific lightweight mechanism to offer, and if your plan remains to work out such issues on-the-fly as problems arise, so be it. My immediate objective is to make my concerns clearly known. ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
On Sat, 2 Apr 2005, Jaap Akkerhuis wrote: To my opinion, one threat to the international nature of the IETF are the continuous increasing difficulties entering the US. This morning I read in the local papers that starting the 25th of october the Visa-Waiver program will grind to a halt for (most) Europeans. And as an American, I'd just like to say that this is an embarrassment to me. Free trade, but not free travel. How can you have one without the other? In the NYTimes this week was an article about a Uruguayan Flight Instructor who worked at the Oklahoma Flight School attended by Moussaui (sp?) the so-called 20th hijacker. He was very cooperatative with the FBI, and wound up on a no-fly list, apparently as a result of his cooperation--The FBI found him helpful, so they wanted to keep track of him. So now he isn't allowed to learn to fly light business jets, the logical next step in the career of a professional pilot. Sigh. I have to find a hole to crawl into, to hide my shame. --Dean -- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000 ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
RE: french crypto regulations relating to personal encryption usage by visitors?
And as an American, I'd just like to say that this is an embarrassment to me. Free trade, but not free travel. How can you have one without the other? Actually, there was a period in the 80's during which US tourists had to obtain a visa before visiting France. This followed terrorist bombings in Paris. The French authorities wanted to restrict movements of potential terrorists. The terrorist movements involved nationals of former French colonies, and given various treaties it was only possible to require visas for nationals of these countries if they were also required from nationals of every country outside the European Union -- including the US. Do you see the parallel with the current US legislation? -- Christian Huitema ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
On Apr 02 2005, at 15:35 Uhr, Sam Hartman wrote: Similarly the rest of the world would like to show that we should have the meetings closer to them. You are making an assumption about the motives of the people that point out the continuing decline of suitability of the US as a meeting place for an international organisation. This assumption may suggest itself, but it certainly does not apply to all of those making the argument. I for one live in central Europe, but would be happy with all further meetings located in Seoul or Yokohama (if organized as well as these were). I would be less happy with Pyongyang, although the distance from here is almost the same. The US/non-US dichotomy in the argument probably stems from a difference of experience: Of course, US residents experience less of a problem traveling to US destinations, so they subjectively may still consider those destinations viable IETF venues. (I'm not arguing for an all-out change of IETF policy tomorrow, but this little misunderstanding needs to be set straight. Canada does look more attractive every day, though, so I'm quite happy with the current plans.) Gruesse, Carsten ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
Carsten Bormann [EMAIL PROTECTED] writes: On Apr 02 2005, at 15:35 Uhr, Sam Hartman wrote: Similarly the rest of the world would like to show that we should have the meetings closer to them. You are making an assumption about the motives of the people that point out the continuing decline of suitability of the US as a meeting place for an international organisation. This assumption may suggest itself, but it certainly does not apply to all of those making the argument. Maybe not, but I doubt it's coincidence that the people who are most enthusiastic about Europe are European and that the people who seem most enthusiastic about Asia are Asian. (I'm not arguing for an all-out change of IETF policy tomorrow, but this little misunderstanding needs to be set straight. I'm not sure what you think the misunderstanding is. That people are often self-interested and prefer to minimize travel time? I doubt that's a misunderstanding at all. -Ekr ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: New regulations for US Visa Waiver Programme (was RE: french crypto regulations relating to personal encryption usageby visitors? )
The key change that people from visa waiver countries need to understand is this (from the official site that Elwyn kindly mentioned): BIOMETRIC PASSPORT REQUIREMENT: October 26, 2005 also marks the deadline by which VWP travelers will be required to present passports incorporating biometric identifiers, if their passports were issued on or after October 26, 2005. Since the next two IETFs are outside the US, this will only affect IETF travellers by March 2006 (location TBD, but probably US). However, for Vancouver in November, avoid transit through the US if you will have a passport that doesn't meet the above rule and you don't plan to get a visa. Brian - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Brian E Carpenter IETF Chair Distinguished Engineer, Internet Standards Technology, IBM Elwyn davies wrote: ... This depends on whether your passport issuing authority is getting it together with some new requirements for machine readability. See (e.g.) http://stockholm.usembassy.gov/Consulate/mr_passports.html ... ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf
Re: french crypto regulations relating to personal encryption usage by visitors?
Eric Rescorla ekr@rtfm.com writes: Carsten Bormann [EMAIL PROTECTED] writes: On Apr 02 2005, at 15:35 Uhr, Sam Hartman wrote: Similarly the rest of the world would like to show that we should have the meetings closer to them. You are making an assumption about the motives of the people that point out the continuing decline of suitability of the US as a meeting place for an international organisation. This assumption may suggest itself, but it certainly does not apply to all of those making the argument. Maybe not, but I doubt it's coincidence that the people who are most enthusiastic about Europe are European and that the people who seem most enthusiastic about Asia are Asian. The word generally should appear in the above sentence. And of course, not that it needs saying, but the people most enthusiastic about North America are generally North American, which, purely as a mattter of population distribution, mostly means the United States. -Ekr ___ Ietf mailing list Ietf@ietf.org https://www1.ietf.org/mailman/listinfo/ietf