[ntp:hackers] Export restrictions on ntp-dev?

David Mills mills at udel.edu
Thu Apr 23 03:45:43 UTC 2009


I have been around this issue many times with DARPA and even read the 
ITAR regulations, which unfortunately are imprecise and confusing, 
probably on purpose to give wiggle room. The bottom line is that, even 
if OpenSSL is imported from outside the US, it can't be exported 
without a license. Recent enforcement of ITAR has become insane. I had 
to sign a statement that required me to forbid non-US nationals from 
my office if research material was viewable on my display. Gives new 
meaning to screen saver.


Danny Mayer wrote:

>Brian Utterback wrote:
>>Something just came up in my efforts to get NTP 4.2.5 into Solaris. 
>>The question of export restrictions on crypto is part of the checklist 
>>for integration into any Sun product, Solaris included.
>>So, my question is, has the source code at udel.edu ever been through 
>>a U.S. government export review? If so, is there any kind of 
>>documentation or review number? How do other vendors deal with this? 
>>Any clues, pointers, hints?
>I don't know of anything in the ntp code itself where that would even
>come up but Dave would know for sure. The only issue may be the OpenSSL
>code which is optional at this time, but OpenSSL is hosted outside of
>the US to avoid this issue from what I understand. Doesn't Sun ship
>OpenSSL? It does get used in Kerberos so if Sun is shipping Kerberos it
>should be (but not necessarily) safe to ship for ntp.
