WASTE looks to be quite interesting.  It's great to see more people working to  crank up the level of confidentiality on the Internet.  I don't think people have any concept of how much sniffing is actually occurring out there, and how easy it has become since the explosion of WiFi.  This is why I've been so passionate about building deep, complacency-immune security into Groove from day one.  We really need to encourage efforts like this to increase confidentiality at both the middleware and at the application level.

But people seem to be wondering why WASTE has gone dark.  Could it possibly be that the Nullsoft and AOL guys don't want to go to jail??  This is serious business.

When I downloaded it and looked at the license, I saw a bunch of GPL legalese but I didn't see anything about export restrictions.  But last I checked, encryption software still requires an export license, as it has for as long as I've been in this business.  It's surely gotten easier, but there's still one mechanism for exporting (posting) crypto source code, and another mechanism for applying for a license if your product uses encryption e.g. for confidentiality.  You can't just set up a download site (or mirror site) as you can with other kinds of software.  Even if and after you qualify for a very broad e.g. “mass market” or “retail” license, you must make diligent efforts to block download/distribution to places like Cuba, Syria, Libya, Iran, North Korea, Sudan.  And if you know who you're downloading to (e.g. through site or product registration) you must check to see if they're on a list of known terrorists. [Ray Ozzie's Weblog]

Leave a comment