Perry E. Metzger wrote:
Michael Froomkin writes:
If anyone from MIT is reading this, it would be a real public service to put on a web site (a) what the system used for the release of PGP is exactly and (b) what assurances (oral, written, names & dates) was received from State/Commerce that this was legal.
I don't think they got any sort of approval from State or Commerce -- I think they just discussed it with their own lawyers.
Last July *hobbit* (hobbit@avian.org) presented to this list a description of "The FTP Bounce Attack" and stated that it's trivial to hack past a defense like this (well, it didn't seem trivial to me, but I'm not a unix wizard). Obviously, there is no real need for such attacks with PGP and 'everything' else available at non-US sites, and I guess it would leave traces? But it would be interesting to know if anybody have successfully tried it at MIT or some other export-restricted FTP site. Mats