[ntp:hackers] Export restrictions on ntp-dev?

Danny Mayer mayer at ntp.org
Sat Apr 25 01:59:15 UTC 2009


Dave,

All the more reason that the Windows binaries are built in Germany so we
don't have to worry about exporting OpenSSL.

So we are not exporting any cryptographic code of any kind in the
sources to NTP.

No doubt that makes no difference to ITAR. I wonder what MIT has to do
for Kerberos?

Danny

David Mills wrote:
> Danny,
> 
> I have been around this issue many times with DARPA and even read the 
> ITAR regulations, which unfortunately are imprecise and confusing, 
> probably on purpose to give wiggle room. The bottom line is that, even 
> if OpenSSL is imported from a outside the US, it can't be exported 
> without a license. Recent enforcement of ITAR has become insane. I had 
> to sign a statement that required me to forbid a non-US nationals from 
> my office if research material was viewable on my display. Gives new 
> meaning to screen saver.
> 
> Dave
> 
> Danny Mayer wrote:
> 
>> Brian Utterback wrote:
>>  
>>
>>> Something just came up in my efforts to get NTP 4.2.5 into Solaris. 
>>> The question of export restrictions on crypto is part of the checklist 
>>> for integration into any sun product, Solaris included.
>>>
>>> So, my question is, has the source code at udel.edu ever been through 
>>> a U.S. government export review? If so, is there any kind of 
>>> documentation or review number? How do other vendors deal with this? 
>>> Any clues, pointers, hints?
>>>
>>> Thanks.
>>>    
>>>
>> I don't know of anything in the ntp code itself where that would even
>> come up but Dave would know for sure. The only issue may be the OpenSSL
>> code which is optional at this time, but OpenSSL is hosted outside of
>> the US to avoid this issue from what I understand. Doesn't Sun ship
>> OpenSSL? It does get used in Kerberos so if Sun is shipping Kerberos it
>> should be (but not necessarily) safe to ship for ntp.
>>
>> Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the hackers mailing list