microsoft xp gssapi client talking to solaris8 gssapi server

[Steve Langasek]

On Sun, Oct 06, 2002 at 02:53:42PM -0400, Ken Hornstein wrote:
> >> >Similarly, with the MIT tarball, I grab it from the UK debian mirror as a
> >> >.deb and extract it.  The export was not done by me & I haven't broken any
> >> >laws by downloading it.

> >> If you believe THAT, then I've got a couple dozen bridges I'd like to
> >> sell you.

> >Er, which law are you suggesting that he's violating by downloading
> >Kerberos from a UK site?

> US Export law, perhaps?  Note that IANAL, but I have seen a statement
> out of the BXA saying that even though the Kerberos code in question
> was in the UK (the person was asking about a site in the UK that had
> Kerberos on it), anyone downloading Kerberos from that site could still
> be in violation of US Export law.  And personally, I have a hard
> time believing that a lawmaker would miss such an obvious loophole.

> Now, are the crypto police going to be breaking down your door?
> Unlikely.  Does MIT Kerberos already qualify for an export exemption?
> Almost certainly.  Did Debian already do the necessary mojo to
> export MIT Kerberos?  Yup.  But don't go kidding yourself that
> you're somehow protecting yourself by getting MIT Kerberos from an
> offshore site, if that original export wasn't done legally.

I assumed it was a given in this case that the original export was done
legally.  True, the UK Debian mirror is no different from a US mirror in
this regard, but I took your message as suggesting there was a known 
export violation here.

In any case, though IANAL, my understanding of the export regs are that
the penalties apply mostly to the *exporter*; so anyone outside the US who
gets their hands on Kerberos is safe, unless they're also redistributing
it and becoming exporters themselves.

Steve Langasek
postmodern programmer