[Sent by fax 9 March 1994, assigned CJ Case# 081-94]
					Phil Karn
					7431 Teasdale Avenue
					San Diego, CA 92122
					karn@unix.ka9q.ampr.org (Internet)
					619-587-8281 (voice)
					619-587-1825 (fax)

ATTN: Maj Gary Oncale - 15 Day CJ Request
U.S. Department of State
Office of Defense Trade Controls
PM/DTC SA-6 Room 200
1701 N. Fort Myer Drive
Arlington, VA  22209-3113
Fax +1 703 875 5845

ATTN: 15 Day CJ Request Coordinator
National Security Agency
P.O. Box 246
Annapolis Junction, MD  20701

Subject:  Mass Market Software with Encryption - 15 Day Expedited Review

Subject:  Commodity Jurisdiction Request for


This is a Commodity Jurisdiction Request for mass market software with encryption capabilities. It is a followup to an earlier CJR (case 038-94, dated February 12, 1994) regarding the book "Applied Cryptography" by Bruce Schneier, published by John Wiley and Sons, ISBN 0-471-59756-2.

In your reply of March 2, 1994, you explicitly limited your determination that the item was outside State jurisdiction to the book itself, explicitly excluding the source code diskettes available from the author. Hence my second request.

The newly released diskette that is the subject of the present request should not be confused with the more comprehensive two-diskette set also available from the author. This new diskette is strictly limited to the source code that already appears in the book, which you have already determined to be public domain. Character by character, the information is exactly the same. The only difference is the medium: magnetic impulses on mylar rather than inked characters on paper.

I have no DTC registration code.

I have reviewed and determined that this diskette, the subject of this CJ request, meets paragraph 1 of the "Criteria for Determining the Eligibility of A Mass Market Software Product for Expedited Handling."

I base this determination on the following facts:

a) this diskette is readily available from the author by mail-order, thus qualifying it as mass market software;

b) sufficient documentation is included to allow installation and use by any end user capable of compiling and executing it. To my knowledge the author provides no "product support" as that term is generally understood; and

c) the diskette contains source code for encryption software that provides confidentiality.

A duplicate copy of this CJR has been sent to the 15 Day CJ Request Coordinator.


This diskette contains (and is limited to) the exact same source code printed in Part 5 of "Applied Cryptography", the subject of ODTC Case CJ 038-94. It is not to be confused with the more comprehensive two-disk set previously released by Mr. Schneier and mentioned in his book.

Mr. Schneier's announcement (attached) lists the contents of this diskette.


The diskette is available from Mr. Schneier, a US citizen living in the US. The price is $15.


The software on this diskette is provided for those who wish to incorporate encryption into their applications.

Examples of the commercial use of these ciphers include integrity verification, authentication and confidentiality of electronic mail, computer software, voice, video and other information in digitized form. For example, the Internet's Privacy Enhanced Mail (PEM) project uses DES for confidentiality and MD5 for integrity. The Pretty Good Privacy (PGP) package uses IDEA and MD5 for the same purposes. PGP is now widely used around the world.

The uses of these ciphers have not changed significantly over time, although their popularity has grown substantially. Their present military utility is unknown, except that it is believed that none of these algorithms are approved for the protection of US classified information.


There are no military standards or specifications that this diskette is designed to meet. There are no special characteristics of the diskette, including no radiation-hardening, no ballistic protection, no hard points (the corners of the diskette are rounded), no TEMPEST capability, no thermal and no infrared signature reduction capability, no surveillance, and no intelligence gathering capability. The diskette does not use image intensification tubes.


I recommend that this diskette be determined to be in the jurisdiction of the Commerce Department. I believe that it qualifies for the general license GTDA for General Technical Data to All Destinations, because it qualifies as "publicly available".


I have enclosed the announcement of this diskette's availability as published over various electronic mailing lists by the author.
From: schneier@chinet.com (Bruce Schneier)
Subject: announcement
Date: Tue, 8 Mar 1994 14:21:25 -0600 (CST)



This disk includes all the source code from the book, Applied Cryptography:

	Vigenere, Beauford, Variant Beauford
	LOKI 91
	Secure Hash Algorithm (SHA)
	Secret Sharing

The code is available either on a single 5.25 or 3.5 IBM-PC disk, or
on a single 3.5 Macintosh disk.

Cost: $15

Bruce Schneier
Counterpane Systems
730 Fair Oaks Ave
Oak Park, IL  60302

(708) 524-9461