cjr@UUNET.UU.NET (Chris Riddick) (04/09/91)
To the best of my understanding of government restrictions, you cannot export any product with DES embedded in it if the encryption is for data confidientiality services. There appear to be some exportable applications if the encryption is used solely for authentication. In this case, the encryption service must not be accessible by the user or programmer. OSF is facing this problem "Big-Time" because of the extensive participa- tion of foreign vendors and the need to provide compatible versions for both U.S. and overseas consumption. The only exception to the export restrictions is from U.S. to our good buddies in Canada. We can export encryption to Canada. Chris Riddick UUNET: uunet!nss1!cjr Internet: nss1!cjr@UUNET.UU.NET USSnail: Simpact Associates, Inc. 12007 Sunrise Valley Drive Reston, Virginia 22091 Phone: 703-758-0190 x2156 FAX: 703-758-0941
cjr@UUNET.UU.NET (Chris Riddick) (04/10/91)
Let me clarify something since several readers have asked me about it. First, any cryptographic product (H/W or S/W) to be exported MUST have an export license from the Office of Munitions Control of the Department of State. Second, I do not know of any document that says explicitly that you may export to Canada (or others). Export licenses are granted on a case-by-case basis. The exported must satisfy the Department of State and whatever requirements they feel apply to the product. I apologize for over-simplifying the issue. Until the U.S Government develops a consistent and realistic position on DES-based products, we will all have to take these issues one at a time. Chris Riddick
pato@APOLLO.COM (Joe Pato) (04/10/91)
Let me clarify something since several readers have asked me about it.
First, any cryptographic product (H/W or S/W) to be exported MUST have
an export license from the Office of Munitions Control of the
Department of State.
This is not strictly true. Products that use cryptography solely for
authentication purposes may be classified as being controlled by the Commerce
Department rather than needing a Munitions License. In general it is wise to
obtain a characterization of your product from the State Department (read NSA)
before you attempt to go through Commerce.
The version of Kerberos V5 that is included in the OSF DCE has been modified to
be exportable under Commerce Department jurisdiction.
-- Joe Pato
Cooperative Computing Division
Hewlett-Packard Company
pato@apollo.hp.com
-------werner@aphrodite.inesc.pt (Werner Hans Peter Vogels) (04/10/91)
In article <9104092251.AA22904@ATHENA.MIT.EDU>, pato@APOLLO.COM (Joe Pato) writes: |> |> The version of Kerberos V5 that is included in the OSF DCE has been modified to |> be exportable under Commerce Department jurisdiction. |> Could you inform about what and how it was changed to get the export license? |> -- Joe Pato |> Cooperative Computing Division |> Hewlett-Packard Company |> pato@apollo.hp.com -- Werner Vogels Distributed Systems Group / Projecto de Automatizacao Industrial INESC - Instituto de Engenharia de Sistemas e Computadores Rua Alves Redol, 9-6o - 1000 Lisboa - Portugal Tel: +351 1 545150 ext 280, Fax: +351 1 525843, e-mail: werner@inesc.inesc.pt