Gilmore Publishes Strong Crypto Code Online for Authentication

This file is available on a Cryptome DVD offered by Cryptome. Donate $25 for a DVD of the Cryptome 10-year archives of 35,000 files from June 1996 to June 2006 (~3.5 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost.

24 December 1997

To: bernstein-announce@toad.com
To: paul@vix.com, carl@also.media.org, gnu@toad.com
To: spock@rsa.com, pol@rsa.com, baldwin@rsa.com
Subject: Gilmore Publishes Strong Crypto Code Online for Authentication
Date: Tue, 23 Dec 1997 12:40:43 -0800
From: John Gilmore <gnu@toad.com>

[This announcement does not relate directly to the Bernstein case,
 but I felt the overlap of interest would be very strong.  -- John]

      Strong Crypto Code Published Online for Authentication

San Francisco, December 23, 1997 - Civil libertarian John Gilmore
today published strong authentication source code on the Internet,
making it available for worldwide access, despite U.S. National
Security Agency attempts to restrict such software.  He is publishing
Domain Name System Security software that contains a complete copy of
RSAREF, well-known cryptography software that is a predecessor to the
DNSsafe software released in October by RSA Data Security, Inc.

Mr Gilmore explains, "Internet publication of cryptography software is
considered an export by the US Government, and often requires
government permission under the Export Administration Regulations
(EAR).  But those regulations specifically exempt programs which
merely prove that information is authentic (authentication), rather
than hiding the information (privacy)."

The export regulations were amended in 1989 to exclude authentication
software.  Since that time, however, the National Security Agency has
been telling people privately that the exclusion only applies to
ready-to-run "binary" programs.  They have reportedly claimed that the
regulations still require government permission to export the
human-readable "source code" of authentication programs.  The plain
text of the regulations makes no such distinction, though; all
authentication programs are exempt.

Readers can obtain the software from Mr. Gilmore's web site for Domain
Name System Security, at http://www.toad.com/~dnssec or at
http://www.flash.net/~dnssec.  Future releases will be available from
the Internet Software Consortium, http://www.isc.org/bind.html.

The Electronic Frontier Foundation, which Mr. Gilmore co-founded, is
sponsoring a lawsuit to have the entire cryptography software export
control regime overturned.  In the three-year suit, Bernstein v. State,
Judge Marilyn Hall Patel has invalidated export controls administered by
both the State Department and the Commerce Department.  She ruled they
are an unconstitutional prior restraint against our First Amendment
right to speak and publish about cryptography.  The case is now in the
Ninth Circuit Court of Appeals.

Domain Name System Security:		http://www.toad.com/~dnssec
				or	http://www.flash.net/~dnssec
Internet Software Consortium:		http://www.isc.org
RSA Data Security:			http://www.rsa.com
Electronic Frontier Foundation:	        http://www.eff.org

Press Contacts:

	John Gilmore, Founding Board Member, EFF
	+1 415 221 6524, gnu@toad.com

	Shari Steele, Staff Attorney, Electronic Frontier Foundation
	+1 301 375 8856, ssteele@eff.org

	More press background is available at:
	http://www.toad.com/~dnssec/pressrel1.background.txt