Some more on PGP and such

Mon Dec 19 19:30:43 CET 1994

	We are using PGP to *sign* the mails. Signature is not encryption.
		-- Laurent

In our previous episode, Geert Jan de Groot said:
> 
> 
> While I'm not trying to start a PGP-discussion here I thought that
> some background info might be useful. Seems that the possibility
> to use this varies strongly per country..
> 
> Geert Jan
> 
> ------- Forwarded Message
> 
> Date:    Sat, 17 Dec 1994 11:23:21 +0100
> From:    Yves Devillers <Yves.Devillers at inria.fr>
> To:      Geert Jan de Groot <GeertJan.deGroot at ripe.net>
> Subject: Re: France & PGP 
> 
> 
> In message <9412170039.AA28528 at ncc.ripe.net> geertjan.degroot at ripe.net wrote:
> 
>    
>    Yves,
> 
>    Out of curiosity, is PGP a legal piece of software to use in France?
> 
> ==>This is precisely a nightmare to security people in France.
> The rule is that any encryption (== two way) must be first approved
> by SCSSI (a body, immediatly under the authority of prime-minister, in
> charge of acting wrt computer and infomration system security).
> If it's one way only (eg: Unix pwcrypt) it only need to be 
> "declared" (announced).
> 
> I had quite some dfiscussion with police people in charge of those problem.
> They understand our need for privacy and trustness but they object that the
> first ones to use PGP will be major drug dealers, and other mafia.
> They disagree with us using PGP (which any way is a violation of french
> laws since it is not approved/authorised by SCSSI, who can't break it)
> 
>    If not, what are the rules? Is PGP-encrypted traffic allowed via the
>    Paris POP of Ebone?
> 
> ==>I don't think there are explicit restriction on the type that traffic
> that can flow through Ebone based on grounds like "unlawfull usage of
> encryption". The only restriction that may exist are to prevent computer
> attacks to propagate : RENATER (and EUnet) have the facility to disconnect
> a line - under emergency, and under control - in case of computer attack.
> 
> 
>    We're discussing adding PGP support in the authorisation mechanism
>    of the database. I'm a bit pessimistic on the legal aspects of this,
>    and would like to find out if it is a problem to you.
> 
> ==>I am not a bit pessimistic, I simply see no hope here. No organisedd body
> (identifiable and able to the target of prosecution) can recommend using
> PGP. With lot of hypocrisy I can only admit that only individuals can indulge
> into those offenses.
> 
> I fear that if RIPE-NCC were to recommend that usage your team may experience
> problems next time they cross the french border (and any way with Europol
> being deployed you'll experience prosecution without the need for travel).
> I am convinced neither EUnet not RENATER will be able to accept to use such
> a recommendation.
> 
> As I mentionned above, security people are really touchy (err, nervous) 
> on PGP.
> 
>  Yves
> 
>  ----------------------------------------------------------------
>  Yves Devillers
>  e-mail:  Yves.Devillers at inria.fr      Institut National de Recherche
>                                        en Informatique et Automatique
>  Phone:   +33 1 39 63 55 96            INRIA, Centre de Rocquencourt
>  Fax:     +33 1 39 63 53 30            BP 105, 78153 Le Chesnay CEDEX
>  Twx:     633 097 F                    France.
> 
> 
> ------- End of Forwarded Message
> 
> 


-- 
Laurent Joncheray,                                 E-Mail: lpj at merit.edu
    Merit Network Inc, 1071 Beal Avenue,           Phone:  +1 (313) 936 2065
    Ann Arbor, MI 48109, USA                       Fax:    +1 (313) 747 3745
"This is the end, Beautiful friend. This is the end, My only friend, the end" JM


-------- Logged at  Wed Dec 21 18:48:18 MET 1994  ---------