[14505] in Cypherpunks
PGP 2.3 vs 2.6 outside the US
daemon@ATHENA.MIT.EDU (rishab@dxm.ernet.in)
Tue May 31 21:41:34 1994
From: rishab@dxm.ernet.in
Date: Wed, 01 Jun 94 00:06:58 +0530
To: jeffb@sware.com, cypherpunks@toad.com
Jeff Barber <jeffb@sware.com>:
> While creating a 2.6-like version from 2.3a seems a worthy goal, this
> supporting argument is flawed. The original PGP was written in the USA
> and, never having received the proper export approvals, must have been
> "illegally exported." Isn't Phil Zimmerman being "investigated" by a
> grand jury for this even now? So, it would seem to me that a bulletin
> board carrying any version of PGP holds illegally exported software (wrt
> US law). How does 2.3a differ from 2.6 in this respect?
2.0 to 2.3a were developed outside the US, released in New Zealand and the
Netherlands, and _imported_ into the US. While a version of 2.3a in India, say,
need not have come from the US, and hence does not indicate an ITAR violation
somewhere, the version of 2.6 in Italian sites got there only because they were
illegally exported from the US.
