Re: Export restrictions / SSH session key



Richard E. Silverman wrote:

> As Nico said, ask a lawyer.

I have already contacted our lawyer in the company.

> However, the hostkeys in SSH-2 are used only
> for signing, not encryption, and I believe there are no restrictions on
> signature algorithms.

For SSHv2 this is also my understanding.
But we would still like to use SSHv1 only, because DES is not
recommended in SSHv2.

From the Wassenaar Arrangement it is not possible for me to
interpret the following sentences:

- free for export are: all symmetric crypto products of up to 56 bits, all asymmetric
  crypto products of up to 512 bits, and all subgroup-based crypto products (including
  elliptic curve) of up to 112 bits;
- mass-market symmetric crypto software and hardware of up to 64 bits are free for
  export (the 64-bit limit was deleted on 1 December 2000, see below);
- the export of products that use encryption to protect intellectual property (such as
  DVDs) is relaxed;
- export of all other crypto still requires a license.

The key point is:
Does the encryption of the session key with RSA (by default 768 bits) violate
this arrangement, or does this arrangement only affect the 'encryption' of the
data itself?

Kind Regards
Quebert
