Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Kerberos availability (Re: NIS)
From: lavondes () tidtest total fr (Michel Lavondes)
Date: Mon, 24 Apr 95 11:42:01 BST

Tim Scanlon wrote :

|It may not be exportable but it's definately been exported, I've seen a fully
|working version of Kerberos running here in Australia and once it's out
|of the US its perfectly legal to use it.

Not a lawyer, so don't sue if I'm wrong:-), but :

I think the requirements are 2fold :

1) It must have been developed outside of the US, other than by a US

2) It must be stored on a non-US site of a non-US citizen/company

This, of course, doesn't mean that you *can* get it lawfully, only
that you dont infringe ITAR by doing so, since most countries have
their own regulations in that area, some more stringent than others.

I also read (not sure where or when) that ITAR only applies to
encryption usable as such, not to encryption technologies used
say, in an authentication package and not independently accessible.


Thus proving the idiocy of ITAR yet again... About all export restrictions
on this stuff seem to accomplish is criminalizing and inhibiting the
sharing of data designed to meet security needs. i.e. they do a great
job of screwing the good guys.


Not even that (see above comment,) though it still makes things
harder than necessary.

BTW, does anyone know what ITAR stand for ?
Michel Lavondes          |It's is not, it isn't ain't, and it's it's, not its,
lavondes () tidtest total fr|if you mean it is. If you don't, it's its. Then too,
Phone: +33-1-4135-4198  |it's hers. It isn't her's. It isn't our's, either.
#include <disclaimer.h>  |It's ours, and likewise yours and theirs.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]