In article <20000531161727.A10871@frodo.rrze.uni-erlangen.de> you write:
> AFAIK France dropped that part of its legislation.
Reality is, as usual, complex, but this is mostly the truth. A decree
was published on March 17th 1999, that basically allows import and
use of information hiding systems, indexed with a key of up to 128 bits,
for private people. For distribution of such systems, there is a
declaration procedure, and it is guaranteed fast (no answer in one month
is considered as a positive answer); once the declaration has been done,
anybody can redistribute the system.
For authentication systems, that do not hide information (/etc/shadow,
for instance), there is basically no limit. There are a few technical
points but this is mostly a non-issue.
The point in this law/decree:
-- A decree from the government cannot cancel a law; we have a law that
states that there is a limit on keysizes, and above that limit, an
authorization must be obtained. Until the law is abroged, the decree
raises the limit from 40 bits to 128 bits.
-- The decree is optimized, so that people and corporates may use SSL to
do e-commerce.
-- The declaration procedure is mainly a way for the state to have
tachnical details about the products marketed in France, so that it may
warn French corporations if they want to use a weak product.
For export, there are restrictions due to some international treaties,
and this is the same for many countries. These restrictions are
supposed to be slightly relaxed, compared to the USA export rules
(but I lack information there).
--Thomas Pornin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed May 31 2000 - 21:00:27 EST