lynx-dev

Re: lynx-dev Lynx and SSL-encrypting


From: Heather Stern
Subject: Re: lynx-dev Lynx and SSL-encrypting
Date: Wed, 16 Dec 1998 08:56:29 -0800 (PST)

I ate the fortune cookie first, then read what Larry W. Virden and 
mattack wrote:
> 
> > Why couldn't Lynx code contain the following..
> 
> The argument by people who deal with the US Dept of Commerce and the
> Munitions Act goes "By coding to an API, you are exporting information
> which has been declared protected as a part of national security".
> 
> Perhaps someone out there with a clean enough record, and enough
> dollars, could hire a lawyer, go thru the credit, police, FBI, etc.
> checks to get such a thing approved.  One of the problems with lynx
> in particular is that no standing body owns the source code.  This
> would, I suspect, make the paperwork a bit more difficult - whose background
> gets checked? 

As I understand it, partly from the Mozilla folks (who had to go through this 
thought line when releasing their code), partly from chats with an occasional
pal who follows this crypto stuff more closely than I do,  it goes something 
like this:
        * Commercial entities have to deal with the Dept In Charge Of
          Crypto this week (presently commerce) to get a license to
          export.
        * In *usual* practice they will approve 40 bits or less, 
          disapprove 128 bits stuff, and mull on the middle.
        * But, in present regs they can say "no" just because they had
          a bad hair day.  Or because they think you're up to something
          (and they don't even have to say so).

Err, okay so they have commercial entities over a barrel.  Actually a 
specific private entity (a person) probably gets the same barrel, in
the conveniently-packaged single unit size.  

And, as Larry noted, they don't want to deal with a consortium that isn't
a legally separated entity they can jerk around.  So, how would you do it?
You could only do it by having an interface that is so generic that it
would cause great laughter in court if someone said "that right there is
for crypto, so it will violate national secrets, so it's munitions".  
In the world as it presently exists, MIME type handlers are one of these
generic interfaces... if the same interface handles [IMAGE] display,
reading PDF files, playing sound, etc then it's pretty bogus for them
to whine about crypto in order to shoot down the API.

My understanding on this is fuzzy since I'm not a lawyer (#include
<stddisclaimer.h>) but I have the impression that the two previous
departments' handling of this issue (before Commerce got it) was 
sloppy and/or unconstitutional, so they've been getting more sneaky 
and careful.  I suspect a lot of mathematical types end up considering
changing countries as a serious detail in their career path.  Purely an 
impression bearing my own emotional skew on things.

  . | .     Heather Stern                 |     address@hidden
--->*<---   Ricoh Silicon Valley, ADC   - * -   address@hidden
  ' | `     System Administrator          |     Filk committee, Loscon 26!
    Man must shape his tools lest they shape him.  -- Arthur R. Miller
