Hifn Restricts Crypto Docs, OpenBSD Opens Fire
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
Oh for pity's sake... (Score:5, Informative)
How would this violate US Export Licences???
Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???
This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here?
Re:Export regulations? (Score:5, Informative)
Hence, the docs that OpenBSD folks need (and had access to, until a few years ago) are NOT covered.
The choice is between "giving back access to documentation to allow developers to work with your hardware" or "keep track of developers for marketing purposes".
Export regulations enter the picture only if you don't know them.
Whinge whinge whinge.. (Score:4, Informative)
past, but because your policies are privacy invasive towards us, and
thus completely thankless for the sales that we have given you in the
past -- we will not spend any more time on your crummy products."
Sales?
Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.
If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, well, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.
Re:Export regulations? (Score:4, Informative)
AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws. Cryptographic technology actually falls under an even more restrictive license class - munitions.
http://en.wikipedia.org/wiki/Export_of_cryptograp
Read the "Current Status" section. My point is that Hifn isn't "baiting" anyone. You might disagree with their lawyer or think it's your right to demand that Hifn fight "the man", but that's another issue.
Re:Theo (Score:3, Informative)
Repeated contacts are attempted, and vendors ignore them.
More contacts are attempted, and maybe a low-level person says, "I'll check into it"...and then vanishes.
This goes on for some time before things are brought public.
Publicly pointing out the idiocy of a corporate policy is an absolute last step. The potential for damage is recognized, but by that point, it really doesn't matter. The "nice and quiet" approach has been tried, failed, and produced NOTHING. What's the worst that can happen by bringing things public and nasty? Nothing! What's the best that can happen? Something better than nothing. This is only done after there is NOTHING LEFT TO LOSE!
Vendors like it when you are nice and ask quietly. They can easily ignore you, pretend you don't exist and conduct business as usual.
Meanwhile, the rest of the open source software world sits back, calls Theo a jerk, and benefits from the work he does, and says, "look how nice we are". Lazy bums.
Re:Export regulations? (Score:3, Informative)
http://www.access.gpo.gov/bis/ear/ear_data.html [gpo.gov]
You can skip many of the "Part XXX"s. The applicable categories are obvious. Don't forget to read interpretations and supplement 2.
I'm not going to respond to the rest of your rant, other than to suggest you get legal advice somewhere other than mailing lists and agitprop web sites.
Re:Whinge whinge whinge.. (Score:3, Informative)
HiFn chips are used in the crypto accelerators made by Soekris Engineering [soekris.com]. OpenBSD running on one of their embedded PC boards along with one of their crypto accelerator cards is quite a popular combination.
Re:By my math... (Score:3, Informative)
Take the computer software analogy: just because IE is released for free for everyone to download, it does not mean that it isn't copyrighted. Or take a book analogy: say that a writer starts handing out his books for free, that still doesn't mean that a publisher can without permission start printing copies of it. That would be copyright infringement. Or take an internet analogy: even if someone writes a stellar article on dung beetles somewhere on the internet, available for free, it would still be illegal to put that up on Wikipedia because the original author owns the copyright on the text.
Re:By my math... (Score:3, Informative)
You are wrong. I just filled out their form and got immediate access to the spec sheets, no NDA required. The form asked if I had an existing NDA and I said "no". It didn't complain. I was automatically e-mailed a password which gave me immediate access to the 7956 Security Accelerator data sheet, no questions asked.
The data sheet itself is copyright and does say you can't redistribute without permission. It also contains a US Export notice and claims to be HiFn Confidential. I've already sent in an e-mail asking for permission, so we'll see where that goes.
The form was basically name, address, phone number and do you want to be notified when they update docs.
Get a damn P.O. Box and disposable cell phone if you are really bothered.
There ARE clauses on the document that are worrisome, so Theo HAS a valid argument but I believe a lot of this stems from boilerplate text which HiFn executives haven't read in years. Theo obviously HAS read it and is raising an appropriate fuss.
Re: Crypto is a Red Herring (Score:2, Informative)
If you make a new cryptographic method in the US, (not PKI/RSA/etc, not AES/DES, not known hashing) then your system will probably require review before export approval. This is not most crypto though.
No, you can't send it to Cuba or other countries declared bad for whatever reason, but you can export crypto from the U.S. to most places in the world easily.
The vendor's spooky "if" scenarios are a pathetic attempt to justify collecting personal information.
Re:Export regulations? (Score:2, Informative)
My company builds satellite tracking systems. You can control it from a serial terminal using a simple command set (an "interface") but we are not allowed to give our international customers that command set without State Dept. clearance, which can take six months to get.
Furthermore, we need to know who our customers intend to allow to see that information (like subcontractors).
ITAR compliance is a bitch. It's deliberately vague so they can apply it flexibly.
Re:Can hifn comply with OpenBSD's demands? (Score:2, Informative)
I know there are export controls on the chips, but I don't believe it would be illegal to give away the datasheets, for the reasons that I wrote about to a couple other guys. In short, they are only the freaking datasheets, not the crypto-goodies themselves. By the way, the last thing NSA would fuss about would be if the datasheets helped you hack the technology -- they worry about too-strong encryption, not too-weak encryption (with the exception of that time they silently fixed the differential cryptanalysis vulnerability in DES, before the world at large knew what differential cryptanalysis was). (By the way, hi to you guys in Fort Meade, if you're reading this.)
Re:Theo (Score:2, Informative)
For example, every now and then, someone will bitch about the price of CDs, and how it would be more beneficial to sell OpenBSD CDs with only x86, as that's what most users have. You know, sell it for $29.95 or something, and supposedly, OpenBSD will sell more of it.
Most of the time, these people are only interested in doing things for THEMSELVES. People buy OpenBSD CDs to support the project - else, they'd just download it. Additionally, it takes time, money and effort to carry TWO different products, and all this is being done by volunteers. Not to mention inadvertently shipping the wrong product, etc.
But for some damned reason, these people keep coming back to insist that THEIR way is better, and OpenBSD MUST OFFER A SINGLE X86 CD VERSION OF OPENBSD, OR OPENBSD WILL DIE OFF.
bloody irritating fsckers, lemme tell you.