On Sun, Oct 06, 2002 at 02:53:42PM -0400, Ken Hornstein wrote:
> >> >Similarly, with the MIT tarball, I grab it from the UK debian mirror as a
> >> >.deb and extract it. The export was not done by me & I haven't broken any
> >> >laws by downloading it.
> >> If you believe THAT, then I've got a couple dozen bridges I'd like to
> >> sell you.
> >Er, which law are you suggesting that he's violating by downloading
> >Kerberos from a UK site?
> US Export law, perhaps? Note that IANAL, but I have seen a statement
> out of the BXA saying that even though the Kerberos code in question
> was in the UK (the person was asking about a site in the UK that had
> Kerberos on it), anyone downloading Kerberos from that site could still
> be in violation of US Export law. And personally, I have a hard
> time believing that a lawmaker would miss such an obvious loophole.
> Now, are the crypto police going to be breaking down your door?
> Unlikely. Does MIT Kerberos already qualify for an export exemption?
> Almost certainly. Did Debian already do the necessary mojo to
> export MIT Kerberos? Yup. But don't go kidding yourself that
> you're somehow protecting yourself by getting MIT Kerberos from an
> offshore site, if that original export wasn't done legally.

I assumed it was a given in this case that the original export was done
legally. True, the UK Debian mirror is no different from a US mirror in
this regard, but I took your message as suggesting there was a known
export violation here.

In any case, though IANAL, my understanding of the export regs is that
the penalties apply mostly to the *exporter*; so anyone outside the US
who gets their hands on Kerberos is safe, unless they're also
redistributing it and becoming exporters themselves.

Steve Langasek
postmodern programmer
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
