Some more on PGP and such

Mon Dec 19 18:05:40 CET 1994

While I'm not trying to start a PGP-discussion here I thought that
some background info might be useful. Seems that the possibility
to use this varies strongly per country..

Geert Jan

------- Forwarded Message

Date:    Sat, 17 Dec 1994 11:23:21 +0100
From:    Yves Devillers <Yves.Devillers at inria.fr>
To:      Geert Jan de Groot <GeertJan.deGroot at ripe.net>
Subject: Re: France & PGP 

In message <9412170039.AA28528 at ncc.ripe.net> geertjan.degroot at ripe.net wrote:

   Yves,

   Out of curiosity, is PGP a legal piece of software to use in France?

==>This is precisely a nightmare to security people in France.
The rule is that any encryption (== two way) must be first approved
by SCSSI (a body, immediatly under the authority of prime-minister, in
charge of acting wrt computer and infomration system security).
If it's one way only (eg: Unix pwcrypt) it only need to be 
"declared" (announced).

I had quite some dfiscussion with police people in charge of those problem.
They understand our need for privacy and trustness but they object that the
first ones to use PGP will be major drug dealers, and other mafia.
They disagree with us using PGP (which any way is a violation of french
laws since it is not approved/authorised by SCSSI, who can't break it)

   If not, what are the rules? Is PGP-encrypted traffic allowed via the
   Paris POP of Ebone?

==>I don't think there are explicit restriction on the type that traffic
that can flow through Ebone based on grounds like "unlawfull usage of
encryption". The only restriction that may exist are to prevent computer
attacks to propagate : RENATER (and EUnet) have the facility to disconnect
a line - under emergency, and under control - in case of computer attack.

   We're discussing adding PGP support in the authorisation mechanism
   of the database. I'm a bit pessimistic on the legal aspects of this,
   and would like to find out if it is a problem to you.

==>I am not a bit pessimistic, I simply see no hope here. No organisedd body
(identifiable and able to the target of prosecution) can recommend using
PGP. With lot of hypocrisy I can only admit that only individuals can indulge
into those offenses.

I fear that if RIPE-NCC were to recommend that usage your team may experience
problems next time they cross the french border (and any way with Europol
being deployed you'll experience prosecution without the need for travel).
I am convinced neither EUnet not RENATER will be able to accept to use such
a recommendation.

As I mentionned above, security people are really touchy (err, nervous) 
on PGP.

 Yves

 ----------------------------------------------------------------
 Yves Devillers
 e-mail:  Yves.Devillers at inria.fr      Institut National de Recherche
                                       en Informatique et Automatique
 Phone:   +33 1 39 63 55 96            INRIA, Centre de Rocquencourt
 Fax:     +33 1 39 63 53 30            BP 105, 78153 Le Chesnay CEDEX
 Twx:     633 097 F                    France.

------- End of Forwarded Message

-------- Logged at  Mon Dec 19 19:30:49 MET 1994  ---------