[1595] in bugtraq
Re: Kerberos availability (Re: NIS)
daemon@ATHENA.MIT.EDU (Michel Lavondes)
Mon Apr 24 08:12:52 1995
From: lavondes@tidtest.total.fr (Michel Lavondes)
To: tfs@vampire.science.gmu.edu
Date: Mon, 24 Apr 95 11:42:01 BST
Cc: bugtraq@fc.net
Reply-To: lavondes@tidtest.total.fr
In-Reply-To: <9504210635.AA05036@vampire.science.gmu.edu>; from "Tim Scanlon" at Apr 21, 95 2:35 am
Tim Scanlon wrote :
>
> |It may not be exportable but it's definately been exported, I've seen a fully
> |working version of Kerberos running here in Australia and once it's out
> |of the US its perfectly legal to use it.
Not a lawyer, so don't sue if I'm wrong:-), but :
I think the requirements are 2fold :
1) It must have been developed outside of the US, other than by a US
citizen/company
2) It must be stored on a non-US site of a non-US citizen/company
This, of course, doesn't mean that you *can* get it lawfully, only
that you dont infringe ITAR by doing so, since most countries have
their own regulations in that area, some more stringent than others.
I also read (not sure where or when) that ITAR only applies to
encryption usable as such, not to encryption technologies used
say, in an authentication package and not independently accessible.
>
> [snip]
>
> Thus proving the idiocy of ITAR yet again... About all export restrictions
> on this stuff seem to accomplish is criminalizing and inhibiting the
> sharing of data designed to meet security needs. i.e. they do a great
> job of screwing the good guys.
>
> [snip]
>
Not even that (see above comment,) though it still makes things
harder than necessary.
BTW, does anyone know what ITAR stand for ?
--
Michel Lavondes |It's is not, it isn't ain't, and it's it's, not its,
lavondes@tidtest.total.fr|if you mean it is. If you don't, it's its. Then too,
Phone : +33-1-4135-4198 |it's hers. It isn't her's. It isn't our's, either.
#include <disclaimer.h> |It's ours, and likewise yours and theirs.
