From owner-freebsd-security Wed Jul 26 17:46:22 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id RAA29345 for security-outgoing; Wed, 26 Jul 1995 17:46:22 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id RAA29339 for ; Wed, 26 Jul 1995 17:46:19 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id RAA27300; Wed, 26 Jul 1995 17:45:42 -0700 From: "Rodney W. Grimes" Message-Id: <199507270045.RAA27300@gndrsh.aac.dev.com> Subject: Re: secure/ changes... To: mark@grondar.za (Mark Murray) Date: Wed, 26 Jul 1995 17:45:42 -0700 (PDT) Cc: jaitken@cslab.vt.edu, sef@kithrup.com, security@freebsd.org In-Reply-To: <199507262123.XAA27515@grumble.grondar.za> from "Mark Murray" at Jul 26, 95 11:23:36 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 3168 Sender: security-owner@freebsd.org Precedence: bulk > > > Yes ;) I hit the wrong sequence of keys out of habit and sent the > > message when I meant not to. Sorry. What I wanted to respond to was: > > > > > > Now, to cover my own butt, I have to add that I'm not a lawyer, > > > > nor do I play one on TV or the net. I *can* read, though, and > > > > have read a lot on this subject: often by people who *do* play > > > > lawyers on the net. > > > > Although I don't claim to understand much about this whole issue, many > > of the net.lawyers (and probably a few real ones too ;) think > > Zimmermann is not guilty, but that hasn't stopped the DoJ from > > prosecuting him (last I heard). Perhaps Rodney is simply taking the > > position that he isn't willing to risk it, even if it seems like > > importing crypto software isn't relaly illegal in all cases. The > > entire FreeBSD core team has gone to great lengths to avoid any further > > confrontations with USL, despite the beliefs of many well informed > > people who thought their lawsuit was groundless/pointless/useless/ > > frivilous/etc. Perhaps that lesson is carrying over into this issue... > > This debate has been very informative for me. I relised this was a problem, > but I did not realise it was difficult as this to research. :-( :-( :-( A weeks time, and a good law library would be a nice place to start. Finding a ``good'' law library that has the right Federal reglatory documents can be real tough to find. Especially if your looking for US documents in za :-(. > I have the whole ITAR document now, and it is my intention to STUDY the > bugger to see what it says. That should be definitive enough? No, as it specifically says it does not apply to permanent import, so it is not the regulatory document to be consulted. This does not mean there is no restriction on import, it simply means ITAR does not cover it. > BTW - and this is a BIIIG `BTW': Are all parties aware that our current > DES library was written in Australia? Likewise eBones (By the same author > as DES). A different Australian wrote our DES crypt(3) and friends. > > If we are scared of prosecution, _now_ is the time to divest ourselves > of the cruft... I raised a big red flag when all that was done and washed my hands of it when it happened, though I did not realize we where bringing in a foreign DES, I thought it was just Bones hacked to work with the DES that came with 4.4BSD. Had I known what actually transpired I would have screamed a little louder, infact a lot louder. I was ``informed'' by the people doing this that it was totally legal, that they had done there homework, and that there would be no problems, so it is there ass on the line here, since I did not participate in the action of doing it. I may be held accountable though as an after the fact accessory, so it is _now_ in my best interest to further the invistigation of the legal status of these actions. Something I do not really want to do, which means it will proceded at a snails passe in the background. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Reliable computers for FreeBSD