Path: utzoo!mnetor!motto!ecijmm!ecicrl!clewis From: clewis@ecicrl.UUCP Newsgroups: ont.archives Subject: Re: Kerberos official distribution Message-ID: <209@ecicrl.UUCP> Date: 15 Feb 89 21:31:24 GMT References: <89Jan30.204455est.38031@neat.ai.toronto.edu> <23469@watmath.waterloo.edu> <89Feb6.171507est.18927@me.utoronto.ca> Reply-To: clewis@ecicrl.UUCP (Chris Lewis) Distribution: ont Organization: Elegant Communications Inc. (CRL Division) Lines: 52 After having gone thru a screaming match with John Gilmore and a few other things, I think I can clarify things a little - 1) Public domain software, subject to some exclusions, can be exported anywhere without being subject to export licensing or restrictions (DOC regs that John Gilmore turned up). 2) Copyright/patented/etc. software can exported, subject to some exclusions, *most* places. The places where you can't export to are generally countries that don't recognize copyright. Eg: Korea used to be in this category, and Brazil still is. Some differentiations are made w.r.t. binary versus source etc. In many cases it is possible to export to a country normally restricted by filling out the appropriate license. I was involved with a UNIX export to Korea, and can attest to the amount of forms that needed to be filled out - though they were mostly to do with the hardware. 3) Exclusions: throughout the US regulations there are a number of notwithstanding clauses pointing at other legislation. The one John Gilmore missed (regarding a PD C implementation of DES) was a "Munitions Export" reg. You see, *all* encryption technology is considered a "munition" and is covered under the appropriate export restrictions. There are three or four country "categories" here, where the most restrictive is places like Albania, USSR etc. Next is places like China and Yugoslavia, and finally Canada and Britain in the least restrictive category. And, each type of encryption mechanism is restricted in different ways. For example, it is forbidden to export Enigma to Great Britain (which is ridiculous, considering that it was Britain that broke it during WWII). If I understand correctly, DES "implementations" (either in hardware or software) can only be exported to countries in the same category as Canada, *MUST* be licensed per-customer, and *MUST* be used only for "banking" or "message authentication" purposes. This is likely to be the reason why Kerberos is restricted. Therefore, you should enquire with the US DOC for final clarification. This may also be the case with certain Operating Systems (eg: secure ones) and a few other things. An ordinary CAD package shouldn't be covered under (3). To a certain respect, the restrictions on hardware follow the same guidelines. FYI: The US DOC lifted the ban on export of 8Mhz 286 CPU chips to the USSR last fall... -- Chris Lewis, Markham, Ontario, Canada {uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request (or lsuc!gate!eci386!clewis or lsuc!clewis)