Educause Security Discussion
mailing list archives
Re: VPN/ssh and foreign travel
From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Wed, 19 Nov 2008 12:49:04 -0600
Let me clarify this:
Cryptography is ALWAYS export controlled in the USA, but under the
"tools of trade" and "personal use" categories they may be taken out of
the country for up to 1 year.
See http://www.bis.doc.gov/encryption/lechart1.htm for guidance.
I wouldn't consider anything but encrypted communications for most
situations. Note that it is illegal in certain countries to use
encrypted communications. In that case you may be forced to use a less
secure means with an associated reduction in access allowed to your
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, November 19, 2008 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] VPN/ssh and foreign travel
There shouldn't be an export control issue if you're talking about
travelling to another country with encryption software installed on
notebook. These travelers are presumably keeping the computer in their
possession and bringing it back with them, in which case nothing was
Now, if they are travelling to a more heavily restricted country like
Korea, you might have different issues.
Many campuses (including my former one) have been requiring encrypted
authentication to campus systems for years.
----- Original Message -----
From: "jeff murphy" <jcmurphy () BUFFALO EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Wednesday, November 19, 2008 12:20 PM
Subject: [SECURITY] VPN/ssh and foreign travel
We're trying to eliminate use of cleartext password transmission for
access to university systems. One point of discussion involves dealing
with US export controls. What I'd like to hear from you (sec () educ) is
your thoughts on whether it's practical to require encrypted access
the export issue?