Re: Kerberos availability (Re: NIS)

[lavondes () tidtest total fr (Michel Lavondes)]

Tim Scanlon wrote :
> |It may not be exportable but it's definately been exported, I've seen a fully
> |working version of Kerberos running here in Australia and once it's out
> |of the US its perfectly legal to use it.

Not a lawyer, so don't sue if I'm wrong:-), but :

I think the requirements are 2fold :

1) It must have been developed outside of the US, other than by a US
   citizen/company

2) It must be stored on a non-US site of a non-US citizen/company

This, of course, doesn't mean that you *can* get it lawfully, only
that you dont infringe ITAR by doing so, since most countries have
their own regulations in that area, some more stringent than others.

I also read (not sure where or when) that ITAR only applies to
encryption usable as such, not to encryption technologies used
say, in an authentication package and not independently accessible.
> [snip]
>
> Thus proving the idiocy of ITAR yet again... About all export restrictions
> on this stuff seem to accomplish is criminalizing and inhibiting the
> sharing of data designed to meet security needs. i.e. they do a great
> job of screwing the good guys.
>
> [snip]

Not even that (see above comment,) though it still makes things
harder than necessary.

BTW, does anyone know what ITAR stand for ?
-- 
Michel Lavondes          |It's is not, it isn't ain't, and it's it's, not its,
lavondes () tidtest total fr|if you mean it is. If you don't, it's its. Then too,
Phone: +33-1-4135-4198  |it's hers. It isn't her's. It isn't our's, either.
#include <disclaimer.h>  |It's ours, and likewise yours and theirs.