Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-and-a-half-years collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of,,,, and, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


7 January 1999

Date: Wed, 6 Jan 1999 20:11:28 -0400 (AST)
From: M Taylor <>
Subject: Canadian Export Controls on Crypto from DFAIT

Export Controls on Cryptographic Goods SER-113
Contrôles à l'exportation sur les produits de cryptographie

I found this recently, published Jan 5 1999 by the Department of Foreign
Affairs and International Trade (DFAIT). Most of it was expected, most of
it is good. The only confusion, which I'd like to see cleared up, is in
regards to the changes to Mass-Market Software. At first it seems a step
backwards; 64bit symmetric, 512bit RSA, 512bit DH over Z/pZ, 112bit DH
over elliptic curve, but there is either a typo or hope for 128-bit
symmetric algorithm encryption be covered by a General Export Permit,
which might at least make 128-bit mass-market easily exported to many
(US,EU,AU,NZ, ??) countries.

With these changes I expect Entrust, Certicom, ZKS and others won't be
moving their cryptographic development outside Canada as fast as they
would under the US's December announcement. Expect 'mirroring' foreign
offices to continue. I think that if it had not been for Industry Canada's
development of a Canadian Cryptography Policy
<> in 1998, the changes would
of been far more instep with US's requests. Canadians are a private
people, and Industry Canada has argued that E-commerce will not
become a reality in Canada without an infrastructure of cryptographic
strong hardware and software.

I will continue to freely export software under the exemption for "in the
public domain" software.


-----BEGIN QUOTE-----

Notice to Exporters
Export and Import Permits Act

Serial No. 113
Date: December 23, 1998



     10. The Wassenaar Arrangement Participating States agreed to remove
from control:

          (a) goods performing the function of authentication;

          (b) goods performing the function of digital signature;

          (c) access control goods where there is no encryption of files
          or text except as directly related to the protection of
          passwords, Personal Identification Numbers (PINs) or similar
          data to prevent unauthorized access;

          (d) goods employing analogue principles when not implemented
          with digital techniques;

          (e) goods employing a symmetric algorithm with a key length of
          56 bits or less;

          (f) goods employing an asymmetric algorithm where the security
          of the algorithm is based on any of the following:

               (i)  factorisation of integers not greater than 512 bits 
                 (e.g. RSA);
               (ii) computation of discrete logarithms in a multiplicative
               group of a finite field of size not greater than 512 bits
               (e.g.Diffie-Hellman over Z/pZ); and
               (iii) discrete logarithms in a group other than mentioned 
               in (ii) above and not greater than 112 bits (e.g.
               Diffie-Hellman over an elliptic curve).

          (g) receiving equipment for radio broadcast, pay television or
          similar restricted audience television of the consumer type,
          without digital encryption except that exclusively used for
          sending the billing or programme-related information back to the
          broadcast providers;

          (h) goods where the cryptographic capability is not 
          user-accessible and which is specially designed and limited to
          allow any of the following:

               (i)    execution of copy-protected software;
               (ii)   access to any of the following:

                    a.  copy-protected read-only media;
                    b.  information stored in encrypted form on
                    media (e.g. in
                         connection with the protection of intellectual
                         rights) when the media is offered for sale in
                         sets to the public; or
                    c.  one-time copying of copyright protected
                    audio/video data.

          (i) goods specially designed and limited to banking use or money
          transactions; and

          (j) cordless telephone equipment not capable of end-to-end
          encryption where the maximum effective range of unboosted
          cordless operation (i.e., a single, unrelayed hop between
          terminal and home base station) is less than 400 metres;

     11. In addition, the Wassenaar Arrangement Participating States

        (a) to remove the exporter semi-annual reporting requirements; and

        (b) to maintain the existing exemption for software "in the public


     12. The Wassenaar Arrangement Participating States agreed to replace
     Entry 1 of the General Software Note for Mass Market Cryptographic
     Software with a Cryptography Note applicable to both hardware and
     software goods that meet all of the following:

          (a) generally available to the public by being sold, without
          restriction, from stock at retail selling points by means of any
          of the following:

               (i)    over-the-counter transactions;
               (ii)   mail order transactions;
               (iii)  electronic transactions; or
               (iv)  telephone call transactions

          (b) the cryptographic functionality cannot easily be changed
          by the user;

          (c) designed for installation by the user without further
          substantial support by the supplier;

          (d) does not contain a symmetric algorithm employing a key
          length exceeding 64 bits; and

          (e) when necessary, details of the items are accessible and
          will be provided, upon request, to the appropriate authority in
          the exporter's country in order to ascertain compliance with
          conditions described in paragraphs a. to d. above.

     13. In addition to the technical changes, the Wassenaar Arrangement
     Participating States agreed that the controls on Mass Market goods as

     defined in sub-paragraph 12 (d) above will remain in effect for two 
     years and that the renewal of such controls for a successive period
     will require the unanimous consent of the Wassenaar Arrangement
     Participating States.

     16. The regulatory changes will not affect the export of
     cryptographic goods and technologies to the United
     States. There will continue to be no permit requirements to
     export cryptographic goods or technologies to the United

     17. The regulatory changes to Canada's export controls
     will come into effect in approximately six months. 

     18. As soon as practicable, a General Export Permit will
     be issued for mass market software employing a
     symmetric algorithm with a key length not exceeding 128

     24. Questions regarding this Notice should be directed to:

               The Department of Foreign Affairs and International Trade,
               Export Controls Division, (EPE)
               125 Sussex Drive,
               Ottawa, Ontario,
               K1A 0G2 
               Telephone: (613) 996-2387
               Facsimile: (613) 996-9933 

(c) Department of Foreign Affairs and International Trade, 1998

-----END QUOTE-----