1995-10-27 - FTP export walls

Header Data

From: Mats Bergstrom <asgaard@sos.sll.se>
To: cypherpunks@toad.com
Message Hash: 6859a888d40b028f2ff39e44be3d7182aa0d2300031671e9a6fea1f1a9e1d605
Message ID: <Pine.HPP.3.91.951027164036.27129A-100000@cor.sos.sll.se>
Reply To: <199510271446.KAA13555@jekyll.piermont.com>
UTC Datetime: 1995-10-27 17:26:09 UTC
Raw Date: Sat, 28 Oct 1995 01:26:09 +0800

Raw message

From: Mats Bergstrom <asgaard@sos.sll.se>
Date: Sat, 28 Oct 1995 01:26:09 +0800
To: cypherpunks@toad.com
Subject: FTP export walls
In-Reply-To: <199510271446.KAA13555@jekyll.piermont.com>
Message-ID: <Pine.HPP.3.91.951027164036.27129A-100000@cor.sos.sll.se>
MIME-Version: 1.0
Content-Type: text/plain

>Perry E. Metzger wrote:

>> Michael Froomkin writes:

> > If anyone from MIT is reading this, it would be a real public service to 
> > put on a web site (a) what the system used for the release of PGP is 
> > exactly and (b) what assurances (oral, written, names & dates) was 
> > received from State/Commerce that this was legal.

> I don't think they got any sort of approval from State or Commerce --
> I think they just discussed it with their own lawyers.

Last July *hobbit* (hobbit@avian.org) presented to this list a
description of "The FTP Bounce Attack" and stated that it's trivial to
hack past a defense like this (well, it didn't seem trivial to me, but
I'm not a unix wizard). Obviously, there is no real need for such attacks
with PGP and 'everything' else available at non-US sites, and I guess it
would leave traces? But it would be interesting to know if anybody have
successfully tried it at MIT or some other export-restricted FTP site.