On Thu, 18 Mar 2010, Mosh wrote: > On Thu, Mar 18, 2010 at 7:22 AM, Ben Fritz <[email protected]> wrote: > > Is this going to introduce any export law worries if included? > > Where required, enable this line of code with a compile time flag > > + // Blowfish takes a variable-length key, from 32 bits to 448 bits. > + // If larger than 64 bits keys are not allowed, truncate it. > + // keylen = min(8, keylen); > > and warn the user of the weakened key. >
Actually, the strength of the key has been a non-issue since the laws were relaxed back in 2000. Back to the original question from Ben F: > > Is this going to introduce any export law worries if included? The usual IANAL applies, etc etc. For some reading, if anyone's inclined: Good overview: http://en.citizendium.org/wiki/Cryptography_controversy FWIW, the Apache project complies with US law, being hosted in the US. (So, too, w/ Vim being hosted mostly on SF, correct?) Apache's export page: http://www.apache.org/licenses/exports/ Their 'internal' guide: http://www.apache.org/dev/crypto.html (has some useful general advice, and links to the 'TSU exception') Full text: (section 740.13): http://www.access.gpo.gov/bis/ear/txt/740.txt Wikipedia: http://en.wikipedia.org/wiki/Export_of_cryptography_in_the_United_States One of the citations, in reference to open source: http://www.bis.doc.gov/encryption/pubavailencsourcecodenofify.html An amusing snippet from that page: """ If your encryption source code is too large to serve as an email attachment, you may print a copy of your email as a cover sheet and fax the additional documents to BIS at (202) 219-9179 or -9182. """ My general thought would be that it would be much easier to include the patch if it could be reworked to use some commonly-available, external crypto library (thus Vim doesn't contain crypto software, so isn't exporting crypto). (e.g. use OpenSSL or ...well, OpenSSL.) -- Best, Ben H -- You received this message from the "vim_dev" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php To unsubscribe from this group, send email to vim_dev+unsubscribegooglegroups.com or reply to this email with the words "REMOVE ME" as the subject.
