Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions
I would expect hardware designs to be treated more like hardware than software. /r$ -- STSM, DataPower Chief Programmer WebSphere DataPower SOA Appliances http://www.ibm.com/software/integration/datapower/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions
I would expect hardware designs to be treated more like hardware than software. A hardware design is not hardware. Only a naive parsing of the words would treat it so. A software design is not treated like software; you are free to write about how ATM machine crypto is designed, even if you can't export ATM machine crypto software without a license (because it's proprietary and not mass-market). A hardware design is a lot like software. It's human written and human readable, it's trivial to reproduce, it's compiled automatically into something that can execute, and if you write it into hardware, then it does something. The court case that EFF won against the export controls was won on those grounds: the government can't suppress the publication of human-written and human-readable text, on the grounds that somebody somewhere might put it into a machine that does things the government doesn't like. Sun may be chicken on the point, and the government did a sneaky trick to technically avoid having a Ninth Circuit precedent set on the topic, but a similar precedent was set by Peter Junger's case in another circuit. I think Sun would be well within its rights to ship VHDL or Verilog source code that implements crypto under an open source license. And I'd be happy to point them at good lawyers who'd be happy to be paid to render a more definitive opinion. John Gilmore - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions
If only to make sure that there's no confusion about where I stand: I agree with you completely John. I am not surprised that the feds or Sun see it otherwise. /r$ -- STSM, DataPower Chief Programmer WebSphere DataPower SOA Appliances http://www.ibm.com/software/integration/datapower/ - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions
Richard Salz wrote: I would expect hardware designs to be treated more like hardware than software. That's an interesting observation, raising the issue of what is speech vs hardware. When I looked into this issue, I found the Common Criteria certification methodology as evidence that speech covers everything from the most high level abstract design description to the most concrete representation of the hardware that you would look at, e.g. for security certification assurance that electronic gates are properly positioned by the Computer-Aided-Design tools. Hence, any information is speech, and if it's in the public domain, I would expect an export control exception would apply. Only the actual silicon, and non human-readable dies for the silicon, would be hardware. Otherwise, I see no legal base to locate a cut-off point between speech and hardware in the process of design refinements leading to the actual processor. Regards, -- - Thierry Moreau CONNOTECH Experts-conseils inc. 9130 Place de Montgolfier Montreal, Qc Canada H2M 2A1 Tel.: (514)385-5691 Fax: (514)385-5900 web site: http://www.connotech.com e-mail: [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Why doesn't Sun release the crypto module of the OpenSPARC? Crypto export restrictions!
Dear people of the cryptography mailing list: I received a note from Sridhar Vajapey, head of the Sun OpenSPARC programme, which releases a complete modern CPU under the GPL. Except that it isn't complete -- the parts that do AES, SHA-1 and SHA-2, and public key crypto acceleration are all mysteriously omitted from the released source [1]. I have previously posted about this issue on this list [2]. I inquired about this with Sridhar Vajapey, and he wrote US export control regulations prevent Sun from opensourcing the crypto portion of N2.. (N2 is the development code-name for the most recent OpenSPARC -- its product name is T2.) Appended is my reply. If anyone on this list knows more about the relevant export regulations, please share. Regards, Zooko [1] http://www.opensparc.net/opensparc-t2/downloads.html [2] http://www.mail-archive.com/cryptography@metzdowd.com/msg09090.html From: [EMAIL PROTECTED] Subject: Re: Please contact me about open source of the crypto modules in T2 Date: June 8, 2008 3:07:02 PM PDT To: Sridhar Vajapey Cc: Shrenik Mehta, Roberta Pokigo, Simon Phipps Dear Sridhar Vajapey: Thank you for the prompt reply. Having participated in the struggle in the 1990's to make crypto freely available and to end the export restrictions, and having thought that we won, I am saddened to find out that this is why Sun hasn't open sourced that component. So far, I have failed to understand why the current US crypto export regime (see survey here [1] -- be sure to follow the timeline as the laws have been relaxed many times over the last decade) doesn't permit Sun to post the source code of the crypto components of the T2. It would appear to me that that source code falls under the rubric of publically available crypto source code, as described here [2], which would mean that Sun need only send an e-mail to the right address giving them the URL of the source code in order to satisfy the law. On the other hand if the source code for building chips doesn't count as source code, then presumably it would count as mass-market crypto which means that Sun need only do slightly more paperwork in order to gain such approval. If Sun applied for approval of GPL'ed crypto under such a regulation and was *denied* by BIS then I would really like to know why. Another guess, and please don't take this the wrong way, is that NSA baloneyed you into *thinking* that you couldn't, or shouldn't, release the crypto components when legally you can. (I have personal knowledge of two such extra-legal attempts by NSA to deter crypto proliferation in the 1990's -- once with Netscape and once with Cisco.) Oh, in fact this leads me to another question: Even in the (in my humble opinion unlikely) case that Sun is disallowed from exporting the source of the crypto modules to foreign countries, there is certainly no law which would constrain Sun from sharing that source with US persons within the US. I originally became aware of this issue as a potential customer who was interested in the T2, rather than as an activist. I am a US citizen residing in the US, and there is certainly no law which would preclude Sun from giving me that source under the GPL. So, please do. You can just attach it to your reply. ;-) Thanks again. Adding cc: Simon Phipps (the Open Source Guy at Sun), as I have previously corresponded with him on this topic. Regards, Zooko Wilcox-O'Hearn [1] http://rechten.uvt.nl/koops/cryptolaw/cls2.htm#us_1 [2] http://www.bis.doc.gov/encryption/default.htm - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]