24 December 1997

To: bernstein-announce@toad.com
To: paul@vix.com, carl@also.media.org, gnu@toad.com
To: spock@rsa.com, pol@rsa.com, baldwin@rsa.com
Subject: Gilmore Publishes Strong Crypto Code Online for Authentication
Date: Tue, 23 Dec 1997 12:40:43 -0800
From: John Gilmore <gnu@toad.com>

[This announcement does not relate directly to the Bernstein case,
 but I felt the overlap of interest would be very strong.  -- John]

      Strong Crypto Code Published Online for Authentication

San Francisco, December 23, 1997 - Civil libertarian John Gilmore
today published strong authentication source code on the Internet,
making it available for worldwide access, despite U.S. National
Security Agency attempts to restrict such software.  He is publishing
Domain Name System Security software that contains a complete copy of
RSAREF, well-known cryptography software that is a predecessor to the
DNSsafe software released in October by RSA Data Security, Inc.

Mr Gilmore explains, "Internet publication of cryptography software is
considered an export by the US Government, and often requires
government permission under the Export Administration Regulations
(EAR).  But those regulations specifically exempt programs which
merely prove that information is authentic (authentication), rather
than hiding the information (privacy)."

The export regulations were amended in 1989 to exclude authentication
software.  Since that time, however, the National Security Agency has
been telling people privately that the exclusion only applies to
ready-to-run "binary" programs.  They have reportedly claimed that the
regulations still require government permission to export the
human-readable "source code" of authentication programs.  The plain
text of the regulations makes no such distinction, though; all
authentication programs are exempt.

Readers can obtain the software from Mr. Gilmore's web site for Domain
Name System Security, at http://www.toad.com/~dnssec or at
http://www.flash.net/~dnssec.  Future releases will be available from
the Internet Software Consortium, http://www.isc.org/bind.html.

The Electronic Frontier Foundation, which Mr. Gilmore co-founded, is
sponsoring a lawsuit to have the entire cryptography software export
control regime overturned.  In the three-year suit, Bernstein v. State,
Judge Marilyn Hall Patel has invalidated export controls administered by
both the State Department and the Commerce Department.  She ruled they
are an unconstitutional prior restraint against our First Amendment
right to speak and publish about cryptography.  The case is now in the
Ninth Circuit Court of Appeals.

Domain Name System Security:		http://www.toad.com/~dnssec
				or	http://www.flash.net/~dnssec
Internet Software Consortium:		http://www.isc.org
RSA Data Security:			http://www.rsa.com
Electronic Frontier Foundation:	        http://www.eff.org

Press Contacts:

	John Gilmore, Founding Board Member, EFF
	+1 415 221 6524, gnu@toad.com

	Shari Steele, Staff Attorney, Electronic Frontier Foundation
	+1 301 375 8856, ssteele@eff.org

	More press background is available at: