GnuPG and French law
Sylvain Soliman
Sylvain.Soliman@m4x.org
Thu Oct 18 10:15:02 2001
> It is possible to compile a version without Twofish and AES-192,
> AES-256 support. I don't know wether this helps.
As far as I can see from reading and re-reading French law, it's not the
algorithms that are concerned but the KEY SIZE (if that was implied from what
you said, sorry, I just don't know much about cryptography...).
I don't mean it makes any sense, I just try to state what is in that
(stupid?) law.
> No, I am not aware of this. The question is who can file such a
> document: The FSF as the copyright holder, the GUUG who is running the
> main server for GnuPG on behalf of the FSF, any of the authors or
> maybe my company?
Actually, what is written on the form seems to imply that you need to be
a company or an individual representing the "provider" of cryptographic
tools. There's absolutely no definition of what that means, but I guess that
almost anybody of those you mention could do it.
> Filing such a thing for each version could get very troublesome and
> what should we do if more and more contiries demand such a paper?
I understand that, but I guess that even doing it only once could be enough
for most law-conscious French users to be relieved.
I also think that encouraging such a behavior from the governments is not
good, however I must say that, working for that same ministry of Defense that
asks for such a form, and trying to promote there the use of open source
products and of cryptographic tools, I often find myself stopped because of the
"easy" answer: "this is not allowed by the law!".
Being able to state that GnuPG is on the same legal level as PGP could allow
me to continue my speech and give all of its advantages...
Sylvain.
--
Sylvain Soliman <Sylvain.Soliman@m4x.org> GnuPG Public Key: 0x0F53AF99
Secretaire adjoint - Fede. Francaise de Go http://ffg.jeudego.org/ffg-f.html
Co-mainteneur de PilotGOne http://minas.ithil.org/pilotgone/pilotgone.html
Page personelle http://contraintes.inria.fr/~soliman