To: 'firstname.lastname@example.org' <email@example.com>
From: Mason, Shane <firstname.lastname@example.org>
Date: 10/18/1999 14:11:33
I must concur with Erik. There needs to be a non-US source for
distributions that have full crypto. Using RSA has licensing issues, but
DES, 3-DES, IDEA, CAST, DSA (I think), are all public domain. The only
issue is export from the US.
Interestingly, if the CVS source for a crypto branch was located in Canada,
things would be easier. US citizens can export source and binaries for
strong encryption to Canada. Canada has no restriction on export to the
rest of the world. The only issue here would be that US citizens who
participate in this way may get into trouble if they sent crypto code to
Canada with prior knowlege that it would ultimately be exported to other
countries. This is something for a lawyer to determine, and also only an
issue if the US Justice Department can figure out which US citizens were
working on the code.
The best person to call on for advice is probably Theo de Raadt. At least,
he is the only person on the OpenBSD development team that I have met (and
then only for about 30 seconds). For those who do not know him, he works on
the OpenBSD project, and would have some useful insight about ITAR, legals,
etc. It is my understanding that part of the reason that OpenBSD is based
in Canada is because of ITAR.