Hifn Restricts Crypto Docs, OpenBSD Opens Fire

Posted by ScuttleMonkey
from the don't-tread-on-me dept.
Mhrmnhrm writes "After totally closing off public access to documentation for their chips roughly five years ago, Hifn is again offering them, but with an invasive registration requirement. Needless to say, Theo de Raadt and the rest of the OpenBSD team were not amused, and following a Hifn manager's missive, the gauntlet has been thrown. Either open the docs fully, or be removed from the system. This wouldn't be the first time... the same thing happened to both Adaptec and Intel following similar spats."
  • by tygerstripes (832644) on Wednesday June 14, 2006 @07:27AM (#15531252)
    Due to lazy moderation and posting, there now appears to be no point in posting anything as a reply, so I'll ask again what I think is a pertinent question as a main post:

    How would this violate US Export Licences???

    Fine, don't export chips overseas without knowing who you're selling to, but documentation? For driver developers no less?? When Hifn themselves are trying to say that this information is open and free???

    This is the key point of Theo's argument, surely: that Hifn are not at all obliged to demand this information, and therefore are going against the principles of open access/source by demanding it. Can someone please explain what I'm missing here.

  • by Toy G (533867) <[toyg] [at] [libero.it]> on Wednesday June 14, 2006 @07:32AM (#15531280) Homepage Journal
    Documentation on how to interface with the hardware chip is NOT covered by export regulations. Only the actual chip, and its design specifications in regard to implemented algorithms, are covered.
    Hence, the docs that OpenBSD folks need (and had access to, until a few years ago) are NOT covered.

    The choice is between "giving back access to documentation to allow developers to work with your hardware" or "keep track of developers for marketing purposes".
    Export regulations enter the picture only if you don't know them.
  • by mcbridematt (544099) on Wednesday June 14, 2006 @07:34AM (#15531294) Homepage Journal
    "Jason and I spent a lot of time writing that code in the
    past, but because your policies are privacy invasive towards us, and
    thus completely thankless for the sales that we have given you in the
    past -- we will not spend any more time on your crummy products."


    Sales?

    Unless Theo can give a decent estimate of how much 'sales' OpenBSD has 'given' them, I doubt the upper brass at Hifn cares about Theo's whinging.

    If you want drivers for "less mainstream OS'es", please attach your request to a large multi-mega-million part order from <insert vendor here>. If you don't believe me, well, the only reason NVIDIA's Linux support is miles ahead of ATI is due to the demand from Hollywood setups to use high-end-5000%-margin professional cards on Linux, not geeks on Slashdot playing Tuxracer.
  • by nonmaskable (452595) on Wednesday June 14, 2006 @07:46AM (#15531358)
    > I really don't see how this is supposed to be a violation of export licences

    AFAIK (and IANAL), detailed hardware documentation is considered the same as the product under the export license laws. Cryptographic technology actually falls under an even more restrictive license class - munitions.

    http://en.wikipedia.org/wiki/Export_of_cryptography [wikipedia.org]

    Read the "Current Status" section. My point is that Hifn isn't "baiting" anyone. You might disagree with their lawyer or think it's your right to demand that Hifn fight "the man", but that's another issue.
  • Re:Theo (Score:3, Informative)

    by Anonymous Coward on Wednesday June 14, 2006 @08:09AM (#15531485)
    You clearly have no idea what goes on before Theo brings something public.

    Repeated contacts are attempted, and vendors ignore them.
    More contacts are attempted, and maybe a low-level person says, "I'll check into it"...and then vanishes.

    This goes on for some time before things are brought public.

    Publicly pointing out the idiocy of a corporate policy is an absolute last step. The potential for damage is recognized, but by that point, it really doesn't matter. The "nice and quiet" approach has been tried, failed, and produced NOTHING. What's the worst that can happen by bringing things public and nasty? Nothing! What's the best that can happen? Something better than nothing. This is only done after there is NOTHING LEFT TO LOSE!

    Vendors like it when you are nice and ask quietly. They can easily ignore you, pretend you don't exist and conduct business as usual.

    Meanwhile, the rest of the open source software world sits back, calls Theo a jerk, and benefits from the work he does, and says, "look how nice we are". Lazy bums.
  • by nonmaskable (452595) on Wednesday June 14, 2006 @08:42AM (#15531660)
    > Please post links supporting this contention, or withdraw it.

    http://www.access.gpo.gov/bis/ear/ear_data.html [gpo.gov]

    You can skip many of the "Part XXX"s. The applicable categories are obvious. Don't forget to read interpretations and supplement 2.

    I'm not going to respond to the rest of your rant, other than to suggest you get legal advice somewhere other than mailing lists and agitprop web sites.
  • by bodgit (658527) on Wednesday June 14, 2006 @08:50AM (#15531712)
    I wouldn't be surprised if a lot of their customers were BSD users. It's quite a common OS in the sort of application this chip is designed for.

    HiFn chips are used in the crypto accelerators made by Soekris Engineering [soekris.com]. OpenBSD running on one of their embedded PC boards along with one of their crypto accelerator cards is quite a popular combination.

  • Re:By my math... (Score:3, Informative)

    by Enderandrew (866215) <.enderandrew. .at. .gmail.com.> on Wednesday June 14, 2006 @08:54AM (#15531744) Homepage Journal
    Actually a document that is released freely in the public domain can be redistributed. The RIAA gets on people's cases about distributing something that was not released freely to begin with.
  • Re:By my math... (Score:3, Informative)

    by gkhan1 (886823) <oskarsigvardssonNO@SPAMgmail.com> on Wednesday June 14, 2006 @10:11AM (#15532327)
    Yeah, documents released in the public domain can be distributed at will, because per definition if something is in the public domain it's not copyrighted. That is, the author has specifically given up his copyright or that the copyright has expired (what is it, 75 years after his death or something?). But this isn't the case here, the documents are released free as in beer, not free as in speech.

    Take the computer software analogy: just because IE is released for free for everyone to download, it does not mean that it isn't copyrighted. Or take a book analogy: say that a writer starts handing out his books for free, that still doesn't mean that a publisher can without permission start printing copies of it. That would be copyright infringement. Or take an internet analogy: even if someone writes a stellar article on dung beetles somewhere on the internet, available for free, it would still be illegal to put that up on Wikipedia because the original author owns the copyright on the text.

  • Re:By my math... (Score:3, Informative)

    by chill (34294) on Wednesday June 14, 2006 @11:01AM (#15532794) Journal
    > You have to sign an NDA to get the documents. So you would be violating the NDA to redistribute them.

    You are wrong. I just filled out their form and got immediate access to the spec sheets, no NDA required. The form asked if I had an existing NDA and I said "no". It didn't complain. I was automatically e-mailed a password which gave me immediate access to the 7956 Security Accelerator data sheet, no questions asked.

    The data sheet itself is copyright and does say you can't redistribute without permission. It also contains a US Export notice and claims to be HiFn Confidential. I've already sent in an e-mail asking for permission, so we'll see where that goes.

    The form was basically name, address, phone number and do you want to be notified when they update docs.

    Get a damn P.O. Box and disposable cell phone if you are really bothered.

    There ARE clauses on the document that are worrisome, so Theo HAS a valid argument but I believe a lot of this stems from boilerplate text which HiFn executives haven't read in years. Theo obviously HAS read it and is raising an appropriate fuss.
  • by mpapet (761907) on Wednesday June 14, 2006 @11:48AM (#15533214) Homepage
    *IF* the company's corporation is U.S. based, then nearly all crypto is easily exported these days. Even RSA.

    If you make a new cryptographic method in the US, (not PKI/RSA/etc, not AES/DES, not known hashing) then your system will probably require review before export approval. This is not most crypto though.

    No, you can't send it to Cuba or other countries declared bad for whatever reason, but you can export crypto from the U.S. to most places in the world easily.

    The vendor's spooky "if" scenarios are a pathetic attempt to justify collecting personal information.
  • by nytes (231372) on Wednesday June 14, 2006 @12:50PM (#15533691) Homepage
    Any technical data can be covered by export regulations. Under ITAR it can be (and currently is) considered a service.

    My company builds satellite tracking systems. You can control it from a serial terminal using a simple command set (an "interface") but we are not allowed to give our international customers that command set without State Dept. clearance, which can take six months to get.

    Furthermore, we need to know who our customers intend to allow to see that information (like subcontractors).

    ITAR compliance is a bitch. It's deliberately vague so they can apply it flexibly.
  • by Ash-Fox (726320) on Wednesday June 14, 2006 @09:50PM (#15537220)
    > But guys like Theo are our public face. What's wrong with that picture?

    Nothing.
  • by LandruBek (792512) on Wednesday June 14, 2006 @11:43PM (#15537797)
    We aren't talking about exporting the technology, we are talking about exporting documents that talk about the technology. And if that is illegal, perhaps this thread is too, because it is talking about documents that talk about crypto technology. Turtles all the way down.

    I know there are export controls on the chips, but I don't believe it would be illegal to give away the datasheets, for the reasons that I wrote about to a couple other guys. In short, they are only the freaking datasheets, not the crypto-goodies themselves. By the way, the last thing NSA would fuss about would be if the datasheets helped you hack the technology -- they worry about too-strong encryption, not too-weak encryption (with the exception of that time they silently fixed the differential cryptanalysis vulnerability in DES, before the world at large knew what differential cryptanalysis was). (By the way, hi to you guys in Fort Meade, if you're reading this.)

  • Re:Theo (Score:2, Informative)

    by the_B0fh (208483) on Thursday June 15, 2006 @10:45AM (#15540447) Homepage
    I've been on misc@ for about 8 years now. From what I've seen, Theo is only short with people who want to make him do things _their_ way, rather than work with him to get things done his way.

    For example, every now and then, someone will bitch about the price of CDs, and how it would be more beneficial to sell OpenBSD CDs with only x86, as that's what most users have. You know, sell it for $29.95 or something, and supposedly, OpenBSD will sell more of it.

    Most of the time, these people are only interested in doing things for THEMSELVES. People buy OpenBSD CDs to support the project - else, they'd just download it. Additionally, it takes time, money and effort to carry TWO different products, and all this is being done by volunteers. Not to mention inadvertently shipping the wrong product, etc.

    But for some damned reason, these people keep coming back to insist that THEIR way is better, and OpenBSD MUST OFFER A SINGLE X86 CD VERSION OF OPENBSD, OR OPENBSD WILL DIE OFF.

    bloody irritating fsckers, lemme tell you.
