s1113645@tesla.cc.uottawa.ca writes:
For those who were wondering if plug-in crypto hooks were still watched out for. One wonders how the ietf folks are managing to promote internet-wide standards that are considered unexportable (Are they? What's the deal on photuris, PEM, ipsec and the rest of them?)
WHY WE TOOK PEM OUT OF APACHE
On May 17th, 1995, we were asked by a representative of NCSA to remove any copies of NCSA httpd prior to 1.4.1 from our web site. They were mandated by the NSA to inform us that redistribution of pre-1.4.1 code violated the same laws that make distributing Phill Zimmerman's PGP package to other countries illegal. There was no encryption in NCSA's httpd, only hooks to publicly available libraries of PEM code. By the NSA's rules, even hooks to this type of application is illegal.
Does anyone know the ostensible justification for this? What section of the ITARs do they point to when they say "this is illegal"? I've perused an online copy of ITAR (no, I haven't read all of it -- I have other things I want to do this year :-), but I can't find a section that could be construed to support this contention. -- Jeff