3DES key-length

Wendy Palm wendyp at cray.com
Sat Dec 7 03:47:20 EST 2002

it wasn't too difficult to get it straightened out.  it just took a long time.
we (Cray) had our legal people talking to the us government (dept of commerce)
and what we ended up with is basically this-

we sent a copy of what we are sending to customers to the dept of commerce,
showing that the code we are sending is exactly the same as that publicly
available on the web.  we only needed to do this for our first release.

if we (Cray) make any changes to OpenSSL ourselves and send it to
our customers (so that it is different than that available on the web), we have
to provide a copy of the code to dept of commerce and prove none of the
changes affected the status wrt export laws (i.e. we didn't make any changes
to the crypto stuff).  likewise, we can't send those types of changes back to
the public domain either.

it sounds so simple, but you wouldn't believe how long it took to get that
agreement in place.  i'm assuming other companies had to go through the
same thing.

Ben Lindstrom wrote:

> Don't know.. Sun and IBM seem to pull it off at least.  So there can't be
> too many glitches.
> - Ben
> On Fri, 6 Dec 2002, Peter Stuge wrote:
>>On Thu, Dec 05, 2002 at 07:58:04PM -0500, Hari-Isoft wrote:
>>>>>I am interested in the export regulations concerning openssh in USA. Any
>>>>>idea on this ?
>>>>Should be pretty free of US regs; all the crypto modules are imported
>>>>from Canada / Germany / Etc.
>>>But, how about the regulations concerning export of OpenSSH from the USA to
>>>other countries, (because of 128 bit key encryption used!) ?
>>Noone will want to export OpenSSH crypto from the US since it is available
>>from a number of other places in the world already.  Quite contrary, OpenSSH
>>crypto has been _imported_ into the US from one of these other places.
>>But, hypothetically, if you wanted to export OpenSSH crypto from the US I'm
>>sure you'd have all sorts of interesting legal problems, IANAL however.
>>openssh-unix-dev at mindrot.org mailing list
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev

wendy palm
Cray OS Sustaining Engineering, Cray Inc.
wendyp at cray.com, 651-605-9154

More information about the openssh-unix-dev mailing list