On Sun, Feb 24, 2002 at 12:08:59AM +0100, Florian Lohoff wrote: > On Sat, Feb 23, 2002 at 07:38:46PM +0000, James Troup wrote: > > > I dont like the fact that i need to put limitations on my ftp/web > > > server for not beeing reachable from those t7 countries. > > > > You _don't_ need to do so; I didn't say so in my mail, and much more > > to the point, our lawyer didn't say so. The fact that you seem to > > want to think you do, is both your invention and your problem. > Am i misreading ? > "D: If it is technically infeasible to block access from the T7 > countries to a web (or ftp, etc) server, does due diligence require > extreme measures? Does the defacto standard of (US) industry > common-practice meet due diligence? > The de facto industry standard should suffice. I hope that the > government will recognize that any system devised by man can be > defeated, with enough effort." > The defacto industry standard is imho much higher than the also > mentioned blocks of reverse mapped ip address blocking of ccTLDs. > Just to mention the "Giantic" firewall built for the govt. of china. > "Please keep in mind that persons in the US who may post to sites > outside the US are governed by US law, even if they do so in their > individual capacity. Therefore, you may want to warn persons in the US > that their posting to the current crypto server outside the US are still > subject to US regulations." > From my reading this means - Anyone - Globally not meeting the > requirement of "the de facto industry standard" of blocking access > to the T7 countries will be held responsible when entering the US > and/or the one actually putting the software in question into > the archive will be held responsible as soon as there is knowledge > of the multi-step export. US export law concerns (as it should) the transport of items from within the borders of the United States to areas outside those borders. If you're engaged in export activities from another country to the T7, on what grounds would you expect to be prosecuted in the United States? And perhaps a more important question is, why do you believe moving crypto into main /increases/ this risk, if you already operate a non-US mirror that's open to the T7? Export from the US to Europe, and export from Europe to the T7, are two separate acts. Unless there's something linking the two acts together -- such as intent on the part of the person exporting from the US -- I don't see any reason for this to be considered equivalent to an export from the US to the T7. If there was such a reason, you would already be at risk today, because there are non-US packages maintained by US developers. Even so, the much greater danger would be to the Americans involved, both for being easier for the Feds to get ahold of, and for playing a larger role in the actual export... Steve Langasek postmodern programmer
Attachment:
pgpqUVG_BlI6K.pgp
Description: PGP signature