Re: NSA, ITAR, NCSA and plug-in hooks.

[Jeff Barber <jeffb@sware.com>]

s1113645@tesla.cc.uottawa.ca writes:

> For those who were wondering if plug-in crypto hooks were still watched 
> out for. One wonders how the ietf folks are managing to promote internet-wide
> standards that are considered unexportable (Are they? What's the deal on 
> photuris, PEM, ipsec and the rest of them?)

>                          WHY WE TOOK PEM OUT OF APACHE
>                                        
>    On May 17th, 1995, we were asked by a representative of NCSA to remove
>    any copies of NCSA httpd prior to 1.4.1 from our web site. They were
>    mandated by the NSA to inform us that redistribution of pre-1.4.1 code
>    violated the same laws that make distributing Phill Zimmerman's PGP
>    package to other countries illegal. There was no encryption in NCSA's
>    httpd, only hooks to publicly available libraries of PEM code. By the
>    NSA's rules, even hooks to this type of application is illegal. 

Does anyone know the ostensible justification for this?  What section of
the ITARs do they point to when they say "this is illegal"?  I've perused
an online copy of ITAR (no, I haven't read all of it -- I have other
things I want to do this year :-), but I can't find a section that could
be construed to support this contention.


-- Jeff