httpd-dev mailing list archives

From efr...@ncsa.uiuc.edu (Elizabeth Frank)
Subject Re: export restrictions & mirroring Apache at NCSA
Date Thu, 18 May 1995 21:54:12 GMT
On May 18,  3:33pm, Rob Hartill wrote:
} Subject: Re: export restrictions & mirroring Apache at NCSA
 >  
 > > We have to make adding the encryption stuff as difficult as writing
 > > original code.
 > 
 > says who ?  is there any online info describing this nonsense ?

This comes from a meeting with two people from NSA.  We've asked for
copies of the relevant document, ITAR (International Treaty for
Arms Restrictions or something like that).  They didn't think there
were copies on line (that department is still using primarily Wangs).
You can call (703)875-6644 and ask for it (It's huge).  The relevant
section is category 13 B.

 > > No.  In fact, if David allows export of the software (with hooks) from
 > > the UK, he is violating UK export restrictions and the UK equivalent
 > > of the NSA could come knocking on his door.
 > 
 > We don't have to worry about UK export restrictions. We could
 > mould Apache into a 150 foot long military grade "gas pipeline" and
 > ship it to Iraq without HM Government raising an eyebrow.

Well, enforcement is up to the individual countries and the US is 
hyperactive about it.

 > > The treaty is an international agreement and in theory Europe has 
 >                                                   ^^^^^^
 > 
 > theory shouldn't stop us.  
 > 
 > I'm told that "in theory" *all* types of encryption are illegal in 
 > France, but nobody gives a damn. I bet they have Netsite running over
 > there.
 > 
 > > agreed to control export from their
 > > countries.  Furthermore the state department considers collaborative
 > > research, making detailed implementation information, or specifications
 >             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 > > available to be the same as exporting it.  On top of which, our laws are
 >   ^^^^^^^^^
 > 
 > what are they talking about ?  encryption algorithms I bet, not
 > programming hooks.

No, PROGRAMMING HOOKS for encryption are specifically covered.  We got into
this mess because we thought that encryption hooks without any actual cryptography
were OK.

 > > written in such a way that importing cryptography is legal, but once
 > > inside the country we can not export it even if we got it outside the
 > > US to start with.
 > 
 > Okay, so along the lines of Brian's earlier suggestion, we could set up
 > links as..
 > 
 >      hyperreal.com/..../tar.Z>for US only</A>
 > 
 >      .uk/.../tar.Z>contains PGP hooks that the NSA say you can't have :-)</A>

Sorry, according to those same NSA people you have to make more of an effort
than that.

 > We don't have NCSA code on our sites, so Beth should be happy with that,

Well last time I checked you had a copy of httpd_1.3 at your Apache web site.
I've fulfilled my obligation and asked that you remove it.

 > however, I see absolutely no reason to remove the PGP hooks from Apache,
 > until the NCA come after us, and then we can argue with them.. sounds fun.
 > 
 > robh
}-- End of excerpt from Rob Hartill

Good Luck!
	-Beth (who is going home with a headache from dealing with
	all this mess, and wishes she had never heard of export restrictions
	or cryptography :^)
