[lug] SSH Export Question

D. Stimits stimits at idcomm.com
Mon Feb 12 13:29:45 MST 2001


Nate Duehr wrote:
> 
> So I have a question:
> 
> With the "relaxed" (yeah, right) laws regarding cryptography export, is
> it illegal to ship a machine to a company subsidiary overseas in the
> "friendly countries" areas defined as the EU+8 that has OpenSSH
> pre-installed on it so it can be administered securely from the States?
> 
> What are some of the things to consider?  I've looked at the
> government's site regarding this and am having difficulty making heads
> or tails out of the hideously poor job our elected officials have done
> in trying to create "easy to use" guidelines.  There's a table there
> that looks almost as difficult to figure out as my taxes.  :)
> 
> Anyone been through this before already?  Just looking for the plain
> english version.
> 
> --
> Nate Duehr <nate at natetech.com>
> 
> GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
> Public Key available upon request, or at wwwkeys.pgp.net and others.
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

My original reply bounced it looks like. Unknown, it says the route was
down or something related.

This is similar to questions I've had, but never heard a good answer
for. One thing I am sure of, is that if instead of shipping the ssh, you
instead give them instructions on where to download, and how to install
ssh, you are personally in the clear. In the past, applications would
provide the right hooks and infrastructure to work with libs such as
libssl, and then leave the final install of the lib to the end user.

FYI, this is one topic I would *really* love to hear about from an
attorney as a BLUG meeting topic (along with the rest of open source and
GPL/LGPL licensing issues).

D. Stimits, stimits at idcomm.com



More information about the LUG mailing list