Re: Kerberos availability (Re: NIS)
Michel Lavondes (lavondes@tidtest.total.fr)
Mon, 24 Apr 95 11:42:01 BST
Tim Scanlon wrote :
>
> |It may not be exportable but it's definately been exported, I've seen a fully
> |working version of Kerberos running here in Australia and once it's out
> |of the US its perfectly legal to use it.
Not a lawyer, so don't sue if I'm wrong:-), but :
I think the requirements are 2fold :
1) It must have been developed outside of the US, other than by a US
citizen/company
2) It must be stored on a non-US site of a non-US citizen/company
This, of course, doesn't mean that you *can* get it lawfully, only
that you dont infringe ITAR by doing so, since most countries have
their own regulations in that area, some more stringent than others.
I also read (not sure where or when) that ITAR only applies to
encryption usable as such, not to encryption technologies used
say, in an authentication package and not independently accessible.
>
> [snip]
>
> Thus proving the idiocy of ITAR yet again... About all export restrictions
> on this stuff seem to accomplish is criminalizing and inhibiting the
> sharing of data designed to meet security needs. i.e. they do a great
> job of screwing the good guys.
>
> [snip]
>
Not even that (see above comment,) though it still makes things
harder than necessary.
BTW, does anyone know what ITAR stand for ?
--
Michel Lavondes |It's is not, it isn't ain't, and it's it's, not its,
lavondes@tidtest.total.fr|if you mean it is. If you don't, it's its. Then too,
Phone : +33-1-4135-4198 |it's hers. It isn't her's. It isn't our's, either.
#include <disclaimer.h> |It's ours, and likewise yours and theirs.