1995-11-14 - Re: NSA, ITAR, NCSA and plug-in hooks.

Header Data

From: Jeff Barber <jeffb@sware.com>
To: s1113645@tesla.cc.uottawa.ca
Message Hash: 1e9d8843c748b997ebecbacf1f609ab400f124f2e8af674894d30c21154474c9
Message ID: <199511141758.MAA14695@jafar.sware.com>
Reply To: <Pine.3.89.9511140929.A25609-0100000@tesla.cc.uottawa.ca>
UTC Datetime: 1995-11-14 18:34:08 UTC
Raw Date: Wed, 15 Nov 1995 02:34:08 +0800

Raw message

From: Jeff Barber <jeffb@sware.com>
Date: Wed, 15 Nov 1995 02:34:08 +0800
To: s1113645@tesla.cc.uottawa.ca
Subject: Re: NSA, ITAR, NCSA and plug-in hooks.
In-Reply-To: <Pine.3.89.9511140929.A25609-0100000@tesla.cc.uottawa.ca>
Message-ID: <199511141758.MAA14695@jafar.sware.com>
MIME-Version: 1.0
Content-Type: text/plain

s1113645@tesla.cc.uottawa.ca writes:

> For those who were wondering if plug-in crypto hooks were still watched 
> out for. One wonders how the ietf folks are managing to promote internet-wide
> standards that are considered unexportable (Are they? What's the deal on 
> photuris, PEM, ipsec and the rest of them?)

>                          WHY WE TOOK PEM OUT OF APACHE
>    On May 17th, 1995, we were asked by a representative of NCSA to remove
>    any copies of NCSA httpd prior to 1.4.1 from our web site. They were
>    mandated by the NSA to inform us that redistribution of pre-1.4.1 code
>    violated the same laws that make distributing Phill Zimmerman's PGP
>    package to other countries illegal. There was no encryption in NCSA's
>    httpd, only hooks to publicly available libraries of PEM code. By the
>    NSA's rules, even hooks to this type of application is illegal. 

Does anyone know the ostensible justification for this?  What section of
the ITARs do they point to when they say "this is illegal"?  I've perused
an online copy of ITAR (no, I haven't read all of it -- I have other
things I want to do this year :-), but I can't find a section that could
be construed to support this contention.

-- Jeff