microsoft xp gssapi client talking to solaris8 gssapi server

[Ken Hornstein]

>> >Similarly, with the MIT tarball, I grab it from the UK debian mirror as a
>> >.deb and extract it.  The export was not done by me & I haven't broken any
>> >laws by downloading it.
>
>> If you believe THAT, then I've got a couple dozen bridges I'd like to
>> sell you.
>
>Er, which law are you suggesting that he's violating by downloading
>Kerberos from a UK site?

US Export law, perhaps?  Note that IANAL, but I have seen a statement
out of the BXA saying that even though the Kerberos code in question
was in the UK (the person was asking about a site in the UK that had
Kerberos on it), anyone downloading Kerberos from that site could still
be in violation of US Export law.  And personally, I have a hard
time believing that a lawmaker would miss such an obvious loophole.

Now, are the crypto police going to be breaking down your door?
Unlikely.  Does MIT Kerberos already qualify for an export exemption?
Almost certainly.  Did Debian already do the necessary mojo to
export MIT Kerberos?  Yup.  But don't go kidding yourself that
you're somehow protecting yourself by getting MIT Kerberos from an
offshore site, if that original export wasn't done legally.

--Ken