On 1/12/10 2:32 AM, m.roth@5-cent.us wrote:
Ben McGinnes wrote:
The reason for the second one is pretty obvious, though, they know that SELinux would be (and is) used by non-Americans and they don't want to protect foreign secrets, they want to discover them.
Um, not quite: there *are* export controls on encryption, and even if they wanted it, they couldn't.
With the crypto that is already included by default in Linux (e.g. OpenSSH, OpenSSL, etc.), US companies are already unable to distribute their products to those few countries left on the list that those export controls apply to (not that that actually stops those countries from obtaining it anyway). You won't find any RHEL service contracts in Syria, Cuba, Iran, North Korea and whichever other countries are on the list (I can't be bothered looking it up).
It's more likely that the NSA reasoning is operational rather than legal. There are already enough suppliers of cryptographic software within the United States to show that compliance with that legislation is still possible. The NSA know that the crypto genie is out of the bottle, they're just not willing to share their own advances. Which makes sense considering what they do, it's not like GCHQ shares its advances with UK firms or the DSD shares theirs with Australian firms.
Regards, Ben