[CWG-Stewardship] DNSSEC wrinkle...

[manning]

for the 41 countries that are affected…   The IANA process for DNSSEC might need some explanation as well as DNSSEC support on a global basis.
———

The Wassenaar Arrangement (full name: The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies) is a multilateral export control regime (MECR) with 41 participating states including many former COMECON (Warsaw Pact) countries.
 
An FRN issued on 5/20/2015 https://www.federalregister.gov/articles/2015/05/20/2015-11642/wassenaar-arrangement-2013-plenary-agreements-implementation-intrusion-and-surveillance-items describes a proposal by Department of Commerce’s Bureau of Industry and Security (BIS) for a license requirement for the export, reexport, or transfer (in-country) of systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software; software specially designed or modified for the development or production of such systems, equipment or components; software specially designed for the generation, operation or delivery of, or communication with, intrusion software; technology required for the development of intrusion software; Internet Protocol (IP) network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor.
 
The FRN notes that BIS is seeking information about the effect of this rule and would appreciate the submission of comments, and especially answers to the following questions:

1. How many additional license applications would your company be required to submit per year under the requirements of this proposed rule? If any, of those applications:
a. How many additional applications would be for products that are currently eligible for license exceptions?
b. How many additional applications would be for products that currently are classified EAR99?

2. How many deemed export, reexport or transfer (in-country) license applications would your company be required to submit per year under the requirements of this rule?

3. Would the rule have negative effects on your legitimate vulnerability research, audits, testing or screening and your company's ability to protect your own or your client's networks? If so, explain how.

4. How long would it take you to answer the questions in proposed paragraph (z) to Supplement No. 2 to part 748? Is this information you already have for your products?

* The ADDRESSES section of this proposed rule includes information about how to submit comments.

———
manning
bmanning at karoshi.com
PO Box 12317
Marina del Rey, CA 90295
310.322.8102