FTP export walls

[Mats Bergstrom]

>Perry E. Metzger wrote:

>> Michael Froomkin writes:

> > If anyone from MIT is reading this, it would be a real public service to 
> > put on a web site (a) what the system used for the release of PGP is 
> > exactly and (b) what assurances (oral, written, names & dates) was 
> > received from State/Commerce that this was legal.

> I don't think they got any sort of approval from State or Commerce --
> I think they just discussed it with their own lawyers.

Last July *hobbit* (hobbit at avian.org) presented to this list a
description of "The FTP Bounce Attack" and stated that it's trivial to
hack past a defense like this (well, it didn't seem trivial to me, but
I'm not a unix wizard). Obviously, there is no real need for such attacks
with PGP and 'everything' else available at non-US sites, and I guess it
would leave traces? But it would be interesting to know if anybody have
successfully tried it at MIT or some other export-restricted FTP site.

Mats