From owner-freebsd-security Tue Jul 25 08:48:56 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id IAA00154 for security-outgoing; Tue, 25 Jul 1995 08:48:56 -0700 Received: from netmail1.austin.ibm.com (netmail1.austin.ibm.com [129.35.208.96]) by freefall.cdrom.com (8.6.11/8.6.6) with ESMTP id IAA00145 ; Tue, 25 Jul 1995 08:48:52 -0700 Received: from ozymandias.austin.ibm.com (ozymandias.austin.ibm.com [9.3.29.12]) by netmail1.austin.ibm.com (8.6.11/8.6.11) with SMTP id KAA58936; Tue, 25 Jul 1995 10:47:36 -0500 Received: from localhost.austin.ibm.com by ozymandias.austin.ibm.com (AIX 3.2/UCB 5.64/4.03-client-2.6) for freebsd-foreign-secure@grondar.za at austin.ibm.com; id AA14801; Tue, 25 Jul 1995 10:45:51 -0500 Message-Id: <9507251545.AA14801@ozymandias.austin.ibm.com> To: "Rodney W. Grimes" Cc: mark@grondar.za (Mark Murray), pst@stupi.se, rgrimes@freebsd.org, security@freebsd.org, freebsd-foreign-secure@grondar.za Subject: Re: secure/ changes... In-Reply-To: (Your message of Mon, 24 Jul 1995 10:23:26 CDT.) <199507241723.KAA19257@gndrsh.aac.dev.com> Date: Tue, 25 Jul 1995 10:45:51 -0500 From: Scott Brickner Sender: security-owner@freebsd.org Precedence: bulk In message <199507241723.KAA19257@gndrsh.aac.dev.com> "Rodney W. Grimes" writes: >As already pointed out no less than 2 times, DES is a munition, importing >munitions is just as regulated as exporting them. Makeing freefall's cvs/ >secure bits a slave to the ZA site is just as much a problem as exporting >the bits from freefall :-(. I'm not a lawyer, but I've tried to keep up on this. Controls on munitions are authorized by the Arms Export Control Act (22 USC Sec 2778), and the details are set in the International Traffic in Arms Regulation (ITAR). A quick glance through ITAR shows you're likely wrong. It's only the export or "temporary import" that are controlled, where "temporary import means bringing into the U.S. from a foreign country any defense article that is to be returned to the country from which it was shipped or taken, or any defense article that is in transit to another foreign destination." Section 120.18 specifically states that, "Permanent imports are regulated by the Department of the Treasury (see 27 CFR parts 47, 178 and 179)." In eight or nine months of following this ridiculous law, I've never heard of any problems *importing* crypto, only *exporting*.