Re: Digest Authentication

As you say, one can easily go astray making statements about ITAR. I'm no
expert, and worse, nobody can predict what the treatment will be in a given
situation be since such administrative rulings vary from case to case.

What I *do* know is how *I* behave, given my perhaps buggy understanding of
export regulations. Roughly speaking, if my software doesn't do encryption,
I export it without consideration of (the cryptography portion of) ITAR. If
I had code that did, say, digest authentication and nothing else, I
wouldn't hesitate to ship it overseas -- or put it on a public FTP server.


Received on Sunday, 31 December 1995 16:51:38 UTC