[ntp:questions] Re: exporting NTP from the US
David L. Mills
mills at udel.edu
Thu Mar 30 18:03:24 UTC 2006
Terje,
Add this to your bag of silly stories.
I had heard of a professor at a California university that was
threatened with prosecution because there were Chinese nationals in his
class on cyrptographic algorithms. I put this issue to my DARPA program
manager and asked for official clarification, as I also have Chinese
nationals in my class on computer security. The <official> answer was
this was okay as long as the Chinese nationals "took no documents or
notes upon returning to China." The DARPA official even managed to say
that with a straight face.
Times have changed. Thirty years ago it was illegal to encrypt anything
in Germany.
Dave
Terje Mathisen wrote:
> alan.kiecker wrote:
>
>> Thanks, Harlan.
>>
>> We are planning on using the NTP package that Meinberg has available
>> for Windows. Many of our customers isolate their private networks from
>> the Internet making it difficult for them to download the package so we
>> are planning on making it available to them on our own release media.
>> This in effect would make us an exporter, and consequently my
>> questions.
>
>
> Ouch!
>
>>
>> The package as downloaded from Meinberg includes both the SSLeay32.dll
>> and libeay32.dll libraries. The following FAQ
>>
>> http://www.columbia.edu/~ariel/ssleay/ssleay-legal-faq.html
>>
>> mentions some ITAR issues concerning SSL but does not really go into
>> details. I am assuming that these two libraries, which are used by
>> NTP, contain the encryption algorithms that are of concern. Since the
>> API of these libraries is well documented on the Internet, anyone would
>> be able to make use of the encryption algorithms once they have the
>> libraries.
>>
>> Any advice would be appreciated.
>
>
> My considered advice is this:
>
> Simply forget about it!
>
> The source code is freely available, everywhere, including those states
> that the US classified as 'The Axis of Evil' once upon a time, and so
> are compilers capable of regenerating the binaries.
>
> At this point the theoretical possibility of using Unisys media as way
> to get access to SSL libraries, and then use them for terrorist activity
> seems quite farfetched to me.
>
> Terje
>
> OTOH, I'm not a US citizen, so I'm not bound by what I consider to be a
> particularly stupid US law. :-)
>
>>
>> Thanks.
>>
>> -- al
>>
>
>
More information about the questions
mailing list