>How did kerberos avoid this? The "bones" distribution of kerberos >without crypto was not regulated by ITAR, right? The Kerberos bones release: Removed the DES code Removed the places where DES code was called It was done by using "unifdef -DNOENCRYPTION" as a filter over all the sources. /r$