China Telecom VPN problems (again)

Naslund, Steve SNaslund at
Thu Dec 6 19:17:22 UTC 2012

Make sure you check this out in detail.  My export / import people found
out that if the device is going to be in control of and used by a US
company doing business in China, there are a lot less encryption
restrictions.  The ruling was that it was not an export if the device
remains the property of and in control of a US company.  The thought is
that they want US companies to be able to secure their own VPN traffic.
There are also apparently some key escrow rules whereby you are supposed
to give the Chinese government your keys.  I am told by US gov't
employee that almost no one does that and the Chinese government makes
it a point not to hassle US companies.  Your mileage may vary and I am
not an import / export expert.

Steven Naslund

-----Original Message-----
From: Valdis.Kletnieks at [mailto:Valdis.Kletnieks at] 
Sent: Wednesday, December 05, 2012 2:11 PM
To: Warren Bailey
Cc: nanog at
Subject: Re: China Telecom VPN problems (again)

On Wed, 05 Dec 2012 19:48:31 +0000, Warren Bailey said:
> Since when is heavy encryption cool in China? Export restrictions 
> smoke all of the decent crypto options.

OK, I'll bite.. What crypto options are getting stuck due to export
restrictions (as opposed to import restrictions on the other end)?

More information about the NANOG mailing list