Re: [ga] Secure DNS

[Sandy Harris <sandy@storm.ca>]

"Roeland M.J. Meyer" wrote:
> 
> You are aware that even in the current relaxed crypto atmosphere,

My reading is not that the atmosphere is "relaxed". The US gov't lost
two court decisions in the Bernstein case:

http://www.eff.org/bernstein/

so they changed their regulations and asked for a re-hearing. Big deal.

All they changed was making export of public domain software not require
a permit. The Wassenaar agreement has had an exemption for public domain
code for years, but the US gov't. has consistently refused to live up to
that agreement. They're now living up to it part way, but still not
completely. They require notification, for something the agreement says
is exempt, period.

The EFF argue that the requirement for notification means the export
regulations are still an unconsitutional restriction on freedom of
speech.

Also, they're still restricting key sizes in commercial software.

> none of us in the USA can help with this?

I think you can. If I'm wrong, methinks you should all be screaming
at your congresscritters and ICANN should be drafting something
much like RFC 1984. 

DNS security code provides only authentication, not encryption, so it
should be exempt even under US law. See the page on toad.com referenced
in my original post, though. They granted and then withdrew export
permission on this if I understood the story right.

Also, BIND (Berkely Internet Name Daemon, the most widely used DNS
server) is "public domain" code by the Wassenaar definition of the
term (http://www.fitug.de/news/wa/index.html) so it would be
exportable under current regulations even if their reasons for
withdrawing permission under the old regs were valid.


> BTW, I'm begining to be sorry that I ever mentioned the idea.
> 
> http://www.dnso.net/mhsc-tld.htm
>
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html