Subject: Re: New encryption regulations
From: Ben_Tilly@trepp.com
Date: Thu, 13 Jan 2000 11:37:02 -0500


After a couple of conversations, more questions playing with the edges of
the rule.

Clearly it is legal to ship a compiler and source-code for an encryption
algorithm separately.  What about providing them in the same location?  (Eg
on a CDRom Red Hat includes both gcc and elsewhere encryption source-code.
Or both are available at ftp://ftp.cdrom.com.)

How about providing them with links back and forth?

How about providing a special stripped-down compiler for portability?  (For
instance a C compiler missing libraries etc so that it is sufficient to
compile the encryption algorithm but would not be appropriate for
general-purpose programming.)

How about providing a compiler for a language which happens to be suitable
for encryption algorithms?  The raw stuff of the language would be tuned to
dealing with bit-twiddling, addition, multiplication, etc.  None of which
is specific to or informative about encryption algorithms.

What exactly is source-code?  How about shipping an assembler and
source-code which happens to be in assembly that will work on Intel
machines?

How about shipping a binary with a dis-assembler?  The binary is just your
source-code in a particular compressed form, right?

Heck, what is a compiler?  Would a self-extracting zip that read a format
file to figure out what to extract be in some sense a compiler?  (OK, I am
pushing it.)

Yeah, yeah.  I know.  "The existence of evening, dear Boswell, does not
prove that day is the same as night!"  But still shipping a stripped-down C
compiler along with encryption code written in C and an automated
installation routine is almost as good as shipping a binary together with
source-code...

Cheers,
Ben