Terje,
Add this to your bag of silly stories.
I had heard of a professor at a California university that was
threatened with prosecution because there were Chinese nationals in his
class on cyrptographic algorithms. I put this issue to my DARPA program
manager and asked for official clarification, as I also have Chinese
nationals in my class on computer security. The <official> answer was
this was okay as long as the Chinese nationals "took no documents or
notes upon returning to China." The DARPA official even managed to say
that with a straight face.
Times have changed. Thirty years ago it was illegal to encrypt anything
in Germany.
Dave
Terje Mathisen wrote:
alan.kiecker wrote:
Thanks, Harlan.
We are planning on using the NTP package that Meinberg has available
for Windows. Many of our customers isolate their private networks from
the Internet making it difficult for them to download the package so we
are planning on making it available to them on our own release media.
This in effect would make us an exporter, and consequently my
questions.
Ouch!
The package as downloaded from Meinberg includes both the SSLeay32.dll
and libeay32.dll libraries. The following FAQ
http://www.columbia.edu/~ariel/ssleay/ssleay-legal-faq.html
mentions some ITAR issues concerning SSL but does not really go into
details. I am assuming that these two libraries, which are used by
NTP, contain the encryption algorithms that are of concern. Since the
API of these libraries is well documented on the Internet, anyone would
be able to make use of the encryption algorithms once they have the
libraries.
Any advice would be appreciated.
My considered advice is this:
Simply forget about it!
The source code is freely available, everywhere, including those states
that the US classified as 'The Axis of Evil' once upon a time, and so
are compilers capable of regenerating the binaries.
At this point the theoretical possibility of using Unisys media as way
to get access to SSL libraries, and then use them for terrorist activity
seems quite farfetched to me.
Terje
OTOH, I'm not a US citizen, so I'm not bound by what I consider to be a
particularly stupid US law. :-)
Thanks.
-- al
_______________________________________________
questions mailing list
[email protected]
https://lists.ntp.isc.org/mailman/listinfo/questions
