- From: Allan M. Schiffman <ams@terisa.com>
- Date: Sun, 31 Dec 1995 16:53:32 -0800
- To: Dan Stromberg - OAC-DCS <strombrg@hydra.acs.UCI.EDU>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-security@ns2.rutgers.edu
As you say, one can easily go astray making statements about ITAR. I'm no expert, and worse, nobody can predict what the treatment will be in a given situation be since such administrative rulings vary from case to case. What I *do* know is how *I* behave, given my perhaps buggy understanding of export regulations. Roughly speaking, if my software doesn't do encryption, I export it without consideration of (the cryptography portion of) ITAR. If I had code that did, say, digest authentication and nothing else, I wouldn't hesitate to ship it overseas -- or put it on a public FTP server. -Allan
Received on Sunday, 31 December 1995 16:51:38 UTC