Tim Scanlon wrote : > > |It may not be exportable but it's definately been exported, I've seen a fully > |working version of Kerberos running here in Australia and once it's out > |of the US its perfectly legal to use it. Not a lawyer, so don't sue if I'm wrong:-), but : I think the requirements are 2fold : 1) It must have been developed outside of the US, other than by a US citizen/company 2) It must be stored on a non-US site of a non-US citizen/company This, of course, doesn't mean that you *can* get it lawfully, only that you dont infringe ITAR by doing so, since most countries have their own regulations in that area, some more stringent than others. I also read (not sure where or when) that ITAR only applies to encryption usable as such, not to encryption technologies used say, in an authentication package and not independently accessible. > > [snip] > > Thus proving the idiocy of ITAR yet again... About all export restrictions > on this stuff seem to accomplish is criminalizing and inhibiting the > sharing of data designed to meet security needs. i.e. they do a great > job of screwing the good guys. > > [snip] > Not even that (see above comment,) though it still makes things harder than necessary. BTW, does anyone know what ITAR stand for ? -- Michel Lavondes |It's is not, it isn't ain't, and it's it's, not its, lavondes@tidtest.total.fr|if you mean it is. If you don't, it's its. Then too, Phone : +33-1-4135-4198 |it's hers. It isn't her's. It isn't our's, either. #include <disclaimer.h> |It's ours, and likewise yours and theirs.