[Sent by fax 9 March 1994, assigned CJ Case# 081-94] Phil Karn 7431 Teasdale Avenue San Diego, CA 92122 [email protected] (Internet) 619-587-8281 (voice) 619-587-1825 (fax) ATTN: Maj Gary Oncale - 15 Day CJ Request U.S. Department of State Office of Defense Trade Controls PM/DTC SA-6 Room 200 1701 N. Fort Myer Drive Arlington, VA 22209-3113 Fax +1 703 875 5845 ATTN: 15 Day CJ Request Coordinator National Security Agency P.O. Box 246 Annapolis Junction, MD 20701 Subject: Mass Market Software with Encryption - 15 Day Expedited Review Requested Subject: Commodity Jurisdiction Request for "APPLIED CRYPTOGRAPHY SOURCE CODE DISK"
In your reply of March 2, 1994, you explicitly limited your determination that the item was outside State jurisdiction to the book itself, explicitly excluding the source code diskettes available from the author. Hence my second request.
The newly released diskette that is the subject of the present request should not be confused with the more comprehensive two-diskette set also available from the author. This new diskette is strictly limited to the source code that already appears in the book, which you have already determined to be public domain. Character by character, the information is exactly the same. The only difference is the medium: magnetic impulses on mylar rather than inked characters on paper.
I have no DTC registration code.
I have reviewed and determined that this diskette, the subject of this CJ request, meets paragraph 1 of the "Criteria for Determining the Eligibility of A Mass Market Software Product for Expedited Handling."
I base this determination on the following facts:
a) this diskette is readily available from the author by mail-order, thus qualifying it as mass market software;
b) sufficient documentation is included to allow installation and use by any end user capable of compiling and executing it. To my knowledge the author provides no "product support" as that term is generally understood; and
c) the diskette contains source code for encryption software that provides confidentiality.
A duplicate copy of this CJR has been sent to the 15 Day CJ Request Coordinator.
Mr. Schneier's announcement (attached) lists the contents of this diskette.
Examples of the commercial use of these ciphers include integrity verification, authentication and confidentiality of electronic mail, computer software, voice, video and other information in digitized form. For example, the Internet's Privacy Enhanced Mail (PEM) project uses DES for confidentiality and MD5 for integrity. The Pretty Good Privacy (PGP) package uses IDEA and MD5 for the same purposes. PGP is now widely used around the world.
The uses of these ciphers have not changed significantly over time, although their popularity has grown substantially. Their present military utility is unknown, except that it is believed that none of these algorithms are approved for the protection of US classified information.
From: [email protected] (Bruce Schneier) Subject: announcement Date: Tue, 8 Mar 1994 14:21:25 -0600 (CST) ANNOUNCING: APPLIED CRYPTOGRAPHY SOURCE CODE DISK This disk includes all the source code from the book, Applied Cryptography: Vigenere, Beauford, Variant Beauford Enigma DES Lucifer NewDES FEAL-8 FEAL-NX REDOC III LOKI 91 IDEA N-HASH MD5 Secure Hash Algorithm (SHA) Secret Sharing The code is available either on a single 5.25 or 3.5 IBM-PC disk, or on a single 3.5 Macintosh disk. Cost: $15 Bruce Schneier Counterpane Systems 730 Fair Oaks Ave Oak Park, IL 60302 (708) 524-9461 [email protected]