From: Bob Snyder <rsnyder@janet.advsys.com>
Date: Sat, 26 Aug 95 06:49:02 PDT
To: cypherpunks@toad.com
Subject: Re: Wide Release (Re: PGPfone (BETA TEST) is released)
In-Reply-To: <m0smKvJ-000PZgC@bofh.lake.de>
Message-ID: <199508261349.JAA23170@janet.advsys.com>
MIME-Version: 1.0
Content-Type: text/plain


cg@bofh.lake.de said:
> > This indicates "Anonymous" is either making up everything from this 
> point on,  or has access to the machine other than normal anonymous 
> FTP.  The permissions  on dist would prevent the CWD from happening.  
> Actually, the permissions on  dist prevent this from working at all.  
> Wrong. The FTP daemon probably has a wrapper around it which checks 
> where the call comes from. When it thinks you come from the U.S. or 
> Canada, it probably starts up the FTP daemon in group 27, otherwise 
> in the default anonymous group. The idea is nice, but you have to 
> implement it correctly, of course. 

You appear to be correct.  I came in from a .net address, which MIT apparently 
feels is non-US, and they would be correct about some .net's, but that's true 
of .com and .edu as well.

I came in from a Multinational corporation in .com, and it let me in. :-)

> That's the dillema: if you export it, you are taking the 
> risk they won't put up this kind of software for FTP the next time. 
> If you don't, you are  complying with these stupid laws... But 
> anyway, with the present state of the MIT FTP server, PGPfone is 
> likely to be all over the (non-US-and-Canada) place before the 
> weekend is over. 

But if people get it from MIT directly, then MIT is violating ITAR/DTR, and 
its lawyers would be justified in shutting things down.  If it's pulled down 
by a US citizen, and then sent out, I don't see how MIT could be held 
responsible for it.

Bob