[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh package

Michael Meskes <meskes@informatik.rwth-aachen.de> writes:

| Wrong: ITAR regulations do not permit any sensible military technology
| (incl. cryptography) being moved out of the U.S. That includes DES and
| therefore libc as well!  As it stands right now, anybody mirroring any
| Linux distribution from the U.S (and anybody offering it!) is
| violating U.S. laws.

Hrm... is this really true?  My understanding is/was that
-exporting- it without a license is (at least technically)
illegal.  But neither downloading it into the US (RSA
patent issues aside) nor making it available for FTP
within the US are illegal per se.

E.g., MIT, which has been through the legal wringer on
this, makes Kerberos available via ftp, no?  And the
US dropped it's case against Phil Zimmerman, which
involved precisely claiming that making it available
for ftp within the US constituted illegal export. No?

(As a -really- small nit, it is my understanding
that export of DES from the US is legal without an
export license if used for authentication -- only
restricted if it is used for encryption.  No
bottom to the silliness!)


Reply to: