Well, I'd love to post the KryptOn code.. Ron, can you gauge from your meeting last week or anyone else with knowledge of this subject, after reading the description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just "gut feelings" from you guys who know a lot more about it than I do. Safe to post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks, Chris
On 11/9/05, Chris Muller chris@funkyobjects.org wrote:
Swiki is in the US, maybe that would be even safer..?
I think posting on a website is exporting. IANAL.
Glad I live in the Netherlands so I just can publish my Keything whenever I like ;)
Chris,
The concept is cool and makes sense; storing public and private keys on a personal device. The smart card was supposed to give us that too but readers are scarce and USB ports are plentiful. It really amazes me that security is not used more, look at email for example. There is no reason, other then companies wanting to make money on certificates, that every email is not encrypted. (see www.cacert.org) In my opinion anything that makes security easier and more widely available should be pursued.
Given that I would say you should post your code to squeakSource in our cryptography package (and Cees should post his keythingy too). Now for my OPINION on export issues (not a legal opinion since I'm not a lawyer), Dan tells me that there are no requirements or test we have to meet to allow for export since we are an open source platform. The only issue is one of notification. He is working on that now. There are a few steps to that and we decided to keep the repository locked until those steps are completed. So right now if you post your code only the cryptography team can see and download the code. In my opinion that is fine. There is the possibility that we will not be allowed to work with Dan to finish this (a very unlikely possibility), in which case we would probably just pack up and go home, deleting the repository (or just the US contributed pieces). The most likely scenario is that the repository will become public soon with all the blessings of the US Government and we can put this behind us.
Ron
-----Original Message----- From: Chris Muller [mailto:chris@funkyobjects.org] Sent: Tuesday, November 08, 2005 6:47 PM To: Ron Teitelbaum; cryptography@lists.squeakfoundation.org Subject: opinions?
Well, I'd love to post the KryptOn code.. Ron, can you gauge from your meeting last week or anyone else with knowledge of this subject, after reading the description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just "gut feelings" from you guys who know a lot more about it than I do. Safe to post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks, Chris
On 11/9/05, Ron Teitelbaum Ron@usmedrec.com wrote:
(and Cees should post his keythingy too).
It's in SqueakMap, as I announced a couple of days ago...
Does that mean it can only be posted in one place? Or can it live it both places. If someone doesn't see Keythingy on squeak map but is looking for Keythingy on cryptography, shouldn't they be able to find it?
Ron
-----Original Message----- From: Cees De Groot [mailto:cdegroot@gmail.com] Sent: Tuesday, November 08, 2005 7:36 PM To: Ron@usmedrec.com; Cryptography Team Development List Cc: chris@funkyobjects.org Subject: Re: [Cryptography Team] RE: opinions?
On 11/9/05, Ron Teitelbaum Ron@usmedrec.com wrote:
(and Cees should post his keythingy too).
It's in SqueakMap, as I announced a couple of days ago...
On 11/9/05, Ron Teitelbaum Ron@usmedrec.com wrote:
Does that mean it can only be posted in one place? Or can it live it both places. If someone doesn't see Keythingy on squeak map but is looking for Keythingy on cryptography, shouldn't they be able to find it?
I hardly think that anyone's first guess for an application is a Team's repository. Usually publishing on SqueakMap constitutes the best way to make something available.
Chris...
Are you asking for a critique of the KryptOn architecture or opinions on whether you should post the code?
My opinion on posting the code is... yes... you should post the code. I think it would be hard to argue that it's not "open source" code since you're posting the code to a widely accessible server. I think Ron recently pointed out that you can claim an open source exemption as long as you alert the BIS by emailing them the following information (taken from http://www.bis.doc.gov/Encryption/ PubAvailEncSourceCodeNofify.html): In the SUBJECT line of your email, enter: "TSU NOTIFICATION" [Note: This has already been done for you if you click on any of the e-mail links above.]
In the body of your email, enter the following information:
SUBMISSION TYPE: Type in "TSU" SUBMITTED BY: SUBMITTED FOR: (Name of company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (If relevant) PRODUCT NAME/MODEL #: ECCN: 5D002
NOTIFICATION: Provide the URL or Internet address of the source code, or else a copy of the source code.
With respect to license, assuming you're the copyright holder of the code, I believe it's possible for YOU to post the code wherever you wish. It doesn't HAVE to be posted in the "official" Squeak locations.
On Nov 8, 2005, at 3:46 PM, Chris Muller wrote:
Well, I'd love to post the KryptOn code.. Ron, can you gauge from your meeting last week or anyone else with knowledge of this subject, after reading the description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just "gut feelings" from you guys who know a lot more about it than I do. Safe to post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks, Chris _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
All,
The last step in the process, I believe, it to request a review. This is where the government actually responds to you to say you did everything properly. They will not respond to a regular notification. To be safe I would advise we let the lawyers do what needs to be done for squeak. If indeed this is all that needs to be done, we will write it up in our how-to.
Thanks Matt for putting this together.
Ron
-----Original Message----- From: Matthew S. Hamrick [mailto:mhamrick@cryptonomicon.net] Sent: Tuesday, November 08, 2005 8:18 PM To: chris@funkyobjects.org; Cryptography Team Development List Cc: Ron Teitelbaum Subject: Re: [Cryptography Team] opinions?
Chris...
Are you asking for a critique of the KryptOn architecture or opinions on whether you should post the code?
My opinion on posting the code is... yes... you should post the code. I think it would be hard to argue that it's not "open source" code since you're posting the code to a widely accessible server. I think Ron recently pointed out that you can claim an open source exemption as long as you alert the BIS by emailing them the following information (taken from http://www.bis.doc.gov/Encryption/ PubAvailEncSourceCodeNofify.html): In the SUBJECT line of your email, enter: "TSU NOTIFICATION" [Note: This has already been done for you if you click on any of the
e-mail links above.]
In the body of your email, enter the following information:
SUBMISSION TYPE: Type in "TSU" SUBMITTED BY: SUBMITTED FOR: (Name of company or person exporting the encryption item) POINT OF CONTACT: PHONE and/or FAX: MANUFACTURER: (If relevant) PRODUCT NAME/MODEL #: ECCN: 5D002
NOTIFICATION: Provide the URL or Internet address of the source code, or else a copy of the source code.
With respect to license, assuming you're the copyright holder of the code, I believe it's possible for YOU to post the code wherever you wish. It doesn't HAVE to be posted in the "official" Squeak locations.
On Nov 8, 2005, at 3:46 PM, Chris Muller wrote:
Well, I'd love to post the KryptOn code.. Ron, can you gauge from your meeting last week or anyone else with knowledge of this subject, after reading the description of KryptOn what do you think?
http://minnow.cc.gatech.edu/squeak/5785
I'm not looking for legal advice (but I'll take it if someone offers), just "gut feelings" from you guys who know a lot more about it than I do. Safe to post this on squeaksource?
Swiki is in the US, maybe that would be even safer..?
Thanks, Chris _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ cryptography
cryptography@lists.squeakfoundation.org
-
Cees De Groot -
Chris Muller -
Matthew S. Hamrick -
Ron Teitelbaum