[ntp:hackers] Export restrictions on ntp-dev?
mills at udel.edu
Thu Apr 23 03:45:43 UTC 2009
I have been around this issue many times with DARPA and even read the
ITAR regulations, which unfortunately are imprecise and confusing,
probably on purpose to give wiggle room. The bottom line is that, even
if OpenSSL is imported from a outside the US, it can't be exported
without a license. Recent enforcement of ITAR has become insane. I had
to sign a statement that required me to forbid a non-US nationals from
my office if research material was viewable on my display. Gives new
meaning to screen saver.
Danny Mayer wrote:
>Brian Utterback wrote:
>>Something just came up in my efforts to get NTP 4.2.5 into Solaris.
>>The question of export restrictions on crypto is part of the checklist
>>for integration into any sun product, Solaris included.
>>So, my question is, has the source code at udel.edu ever been through
>>a U.S. government export review? If so, is there any kind of
>>documentation or review number? How do other vendors deal with this?
>>Any clues, pointers, hints?
>I don't know of anything in the ntp code itself where that would even
>come up but Dave would know for sure. The only issue may be the OpenSSL
>code which is optional at this time, but OpenSSL is hosted outside of
>the US to avoid this issue from what I understand. Doesn't Sun ship
>OpenSSL? It does get used in Kerberos so if Sun is shipping Kerberos it
>should be (but not necessarily) safe to ship for ntp.
More information about the hackers