To: moglen@columbia.edu Subject: Re: [Eben Moglen ] Re: US crypto export restrictionsand GNU (fwd) From: Richard Levitte - VMS Whacker In-Reply-To: Your message of "Thu, 16 Mar 2000 02:36:57 -0500" References: X-Mailer: Mew version 1.93 on Emacs 19.34 X-URL: http://www.stacken.kth.se/~levitte/ X-mailhacking1: I do not send mail using QP. I use 8bit instead. However, some X-mailhacking2: mail servers on the way might find pleasure in converting my X-Mailhacking3: messages to QP anyway. I will not be responsible for that. X-mailhacking4: See =?iso-8859-1?Q?http://www.lysator.liu.se/=E5ttabitars/?= to see the reasons. X-Waved: dead chicken, GNU Emacs 19.34.1, Mew version 1.93 X-Mew: See http://www.mew.org/ Mime-Version: 1.0 Content-Type: Text/Plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-Id: <20000316093943B.levitte@pizza.stacken.kth.se> Date: Thu, 16 Mar 2000 09:39:43 +0100 Sender: Richard Levitte X-Dispatcher: imput version 980905(IM100) Lines: 44 Hello Eben, I'm one of the OpenSSL deevelopers, and I'm personally very grateful that you came out and set the record straight for us all, as I'm sure basically everyone you've reached is. Thank you. Now, there's a lieelt thing I want to make sure I got right. My english is not always that good, so I just want to tell you how I interpreted what you wrote below, and all I want to know is if my interpretation was correct or not: moglen> [...]. In the worst case analysis, components exported moglen> now might subsequently become non-exportable in the event that moglen> regulations in the US become more restrictive. No one would be moglen> subject to prosecution or interference as a result of export occurring moglen> before the change in regulations (that's a matter of constitutional moglen> law in the US), but all subsequent development of those components moglen> would then have to occur somewhere other than here. No code not moglen> originally developed in the US would be subject to this tightened moglen> regulatory environment, unless such code were "in" the US, in which moglen> case the particular copy that was "in" the US wouldn't be able to moglen> leave again--a restriction which makes no difference. I interpret it as this: if we insert a piece of US-originated code into OpenSSL today, or receive something from the US today that we plan to insert into OpenSSL the day after tomorrow, and the regulations are changed to something restrictive tomorrow, we're safe and don't have to remove that code from OpenSSL. Correct or not? I'm under the interpretation that it is correct, but I've had discussions with people that are paranoid around this scenario. Thanks for your help and effort. -- Richard Levitte \ Spannvägen 38, II \ LeViMS@stacken.kth.se Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44 Procurator Odiosus Ex Infernis -- bastard@bofh.se Member of the OpenSSL development team Unsolicited commercial email is subject to an archival fee of $400. See for more info.