From: Michael H. Warfield (mhw_at_wittsend.com)
Date: Thu Oct 31 2002 - 15:19:15 CET
On Wed, Oct 30, 2002 at 11:32:31PM -0500, Ken Bantoft wrote:
> On Wed, 30 Oct 2002 seberino_at_spawar.navy.mil wrote:
> > I heard somewhere that FreeSwan is going into
> > 2.5.x kernel because of new US laws that allow
> > this? Is this true?
> >
> > Can someone please elaborate on current
> > US export laws regarding crypto and freeswan?
> FreeS/WAN is not, and probably will never go into the mainstream kernel.
> The project sponsor (John Gilmour) has mandated from day one that 0 lines
> of code from US citizens/residents be allowed into the project. Linus is
> a US citizen and/or resident. David Miller (kernel developer, RedHat) has
> said he'd never put something into the kernel that he couldn't touch.
> Both sides have very valid points, and thus are in a permadent state of
> dead-lock.
> Linus merged a variant of an earlier fork of FreeS/WAN, mixed in with some
> code from the USAGI project (IPv6 for linux, which includes ipsec), and
> some new code to glue it all together. So there is ipsec support in the
> kernel. But no userland tools, config files, etc. That's all extra, and
> not part of the kernel.
Which means that FreeSwan will eventually be redundant. At least
I can work on the crypto code in the kernel.
> Now, for the 2nd part of your question.
> IANAL, however this is my understanding of the current situation.
> The US "relaxed" regulations by a government declaration. This is *not* a
> law, and thus can be revoked at any time by either the house, the senate
This was always true both ways and applies to all countries.
France relaxed it's laws but can equally turn around and tighten them.
China "technically" prohibits the possesion of cryptography and yet
I listened to several officials from the Ministry of Information Industry,
in person (through an interpreter) speak of the need for strong privacy
and strong cryptography to promote E-Commerce. They are "permitting"
crypto but can clamp down in an instant. The Brits keep dragging up
ideas for accessing people's keys and crypto that are absolutely draconian.
> or the President. As such, you can export products with crypto outside of
> the US freely, until the government changes it's mind (which will probably
Until ANY government (including Canada) changes their mind.
> happen shortly after the US goes into it's next war. I mean hey, we don't
Sorry you haven't been keeping up with current news and events.
The subject came up just after 9/11 and it was explicitly decided in Congress
that it was more in the interest of the US to promote strong cryptography
and protect our own equities and that restricting cryptography exports
did nothing to aid the US. So the idea of restablishing export restrictions
was not only shot down but the regulations were even FURTHER relaxed.
Further relaxed TWICE after.
> want to give <insert country here> access to encryption while we're at war
> with them, right? <insert Homeland Security and War on Terrorist stuff
> here>)
Gee... What rock were you hiding under when this came up and
was shot down in congress?
How bout all that discussion up there in Canada about "lawfull
access" and all? Pretty scary stuff... Makes the Patriot Act look
down right tame.
Freeh still keeps making noises like this but he got the boot
and ain't coming back. From the sounds of the reactions to his last
appearance in front of Congress (just recently) he doesn't seem to
have much influence or sympathy on the subject.
> Therefore, if/when the government revokes the declaration, Linus would
> have to pull out all of the crypto code, or cease to distribute the Linux
> kernel.
Bullshit. Get a clue. The best way to prevent that is to go
balls to the wall and get crypto in everything. You can't pull it back
once it's out there. Crypto has been on kernel.org for a couple of
years now. All the cryptoapi and loopaes and kerneli stuff has been
hosted there.
They couldn't stop pgp when they had ITAR and then EAR in full
force. They didn't stop me from assisting Tatu with ssh. They didn't
stop me from doing the SSL stuff in fetchmail and Eric posting it on his
site here in the US. The FUD on this subject is enough to do Microsoft
proud.
> This isn't exactly ideal for anyone at the moment, but it's 2.5 stuff, so
> won't be considered mainstream for another 6 months at the earliest.
> Hopefully some of the stuff will be sorted out by then, but I won't be
> holding my breath.
> --
> Ken Bantoft The Unoffical FreeS/WAN Site:
> ken_at_freeswan.ca http://www.freeswan.ca
> PGP Key: finger ken_at_bantoft.org
> "It is dangerous to be right when the government is wrong."
> -- Voltaire
Mike
-- Michael H. Warfield | (770) 985-6132 | mhw_at_WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 05:20:36 CET