[ntp:questions] Re: exporting NTP from the US

Casper H.S.Dik Casper.Dik at Sun.COM
Wed Apr 5 10:01:00 UTC 2006

"David Schwartz" <davids at webmaster.com> writes:

>"Danny Mayer" <mayer at ntp.isc.org> wrote in message 
>news:442B5696.2080700 at ntp.isc.org...

>> Well to be perfectly correct, it does not use encryption in operation
>> except for the generation of keys (ntpgen), but it does do
>> authentication in operation as well as using MD5 for packet validation.

>    Last I checked, I believe that US law had no restrictions on products 
>that only use encryption for authentication, so long as data is sent in the 
>clear. So you should be able to export a binary of NTP so long as it is 
>statically-linked to its encryption routines. IANAL, and I am going from 
>memory from a few years ago. Laws do change.

There are very few export restrictions now; they're actually more liberal
than import restrictions in some countries now.

Sun ships Solaris with 128 bit symmetrical encryption out of the box;
longer keys such as 448 bit blowfish and 256 bit AES can be downloaded
by nearly everyone.  The main reason for the non-integration of the
extended crypto at the time Solaris 10 first shipped were import
restrictions into Russia, France and Israel, IIRC.

Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

More information about the questions mailing list