[ntp:questions] Re: exporting NTP from the US

Terje Mathisen terje.mathisen at hda.hydro.com
Wed Mar 29 13:45:04 UTC 2006


alan.kiecker wrote:
> Thanks, Harlan.
> 
> We are planning on using the NTP package that Meinberg has available
> for Windows.  Many of our customers isolate their private networks from
> the Internet making it difficult for them to download the package so we
> are planning on making it available to them on our own release media.
> This in effect would make us an exporter, and consequently my
> questions.

Ouch!
> 
> The package as downloaded from Meinberg includes both the SSLeay32.dll
> and libeay32.dll libraries.  The following FAQ
> 
> http://www.columbia.edu/~ariel/ssleay/ssleay-legal-faq.html
> 
> mentions some ITAR issues concerning SSL but does not really go into
> details.  I am assuming that these two libraries, which are used by
> NTP, contain the encryption algorithms that are of concern.  Since the
> API of these libraries is well documented on the Internet, anyone would
> be able to make use of the encryption algorithms once they have the
> libraries.
> 
> Any advice would be appreciated.

My considered advice is this:

Simply forget about it!

The source code is freely available, everywhere, including those states 
that the US classified as 'The Axis of Evil' once upon a time, and so 
are compilers capable of regenerating the binaries.

At this point the theoretical possibility of using Unisys media as way 
to get access to SSL libraries, and then use them for terrorist activity 
seems quite farfetched to me.

Terje

OTOH, I'm not a US citizen, so I'm not bound by what I consider to be a 
particularly stupid US law. :-)

> 
> Thanks.
> 
> -- al
> 


-- 
- <Terje.Mathisen at hda.hydro.com>
"almost all programming can be viewed as an exercise in caching"




More information about the questions mailing list