Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!elroy.jpl.nasa.gov!decwrl!stanford.edu!APOLLO.COM!pato
From: pato@APOLLO.COM (Joe Pato)
Newsgroups: comp.protocols.kerberos
Subject: Re: DES and export
Message-ID: <9104092251.AA22904@ATHENA.MIT.EDU>
Date: 9 Apr 91 21:27:22 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 22


    Let me clarify something since several readers have asked me about it.
    
    First, any cryptographic product (H/W or S/W) to be exported MUST have
    an export license from the Office of Munitions Control of the
    Department of State.
    
This is not strictly true.  Products that use cryptography solely for
authentication purposes may be classified as being controlled by the Commerce
Department rather than needing a Munitions License.  In general it is wise to
obtain a characterization of your product from the State Department (read NSA)
before you attempt to go through Commerce.

The version of Kerberos V5 that is included in the OSF DCE has been modified to
be exportable under Commerce Department jurisdiction.

                    -- Joe Pato
                       Cooperative Computing Division
                       Hewlett-Packard Company
                       pato@apollo.hp.com

-------