[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New US regs ban downloadable data-security software



At 10:53 AM 1/15/97 +1100, [email protected] wrote:
>If you read ITAR you will see that State explicity bans export of any
>operating system with a security rating of B2 or above.
>The adgenda is pretty obvious.

Actually, it's less obvious than that :-)
The only way to get a security rating of B2 or above (or even D or above)
is to submit your operating system for rating by the NCSC, which is
a long, expensive process even for C2.  By the time you get to B2,
you're dealing with products that may have real-world uses but are
primarily designed specifically for the military market. 
One of the sensitivities, besides keeping Scary Foreigners from getting
Real Operating Systems, is that it makes it easier for the Scary
Foreigners to look for any bugs the NCSC may have missed and understand
any other weaknesses that the products may have which would let them
break into US Military or Intelligence Agency systems.

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)