Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z - Internet FAQ Archives

Kerberos FAQ, v2.0 (last modified 8/18/2000)
Section - 1.13. What is the export status of Kerberos?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Zip codes ]

Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 1.12. I see the acronyms TGT and TGS used a lot. What do they mean?
Next Document: 1.14. What is a "Kerberos client", "Kerberos server", and "application server"?
See reader questions & answers on this topic! - Help others by sharing your knowledge
This is a topic of much discussion, and it appears that there is no clear
answer. Your best bet is to contact a lawyer for a definitive answer. But if
you're willing to listen to "educated guesses", read on.

The recent US Government relaxation of export controls has caused much
discussion on this topic. The current belief is that under the new
regulations, Kerberos source code can be exported everywhere, except for the
so-called "T7" countries (countries that are defined by the US State
Department as being terrorist countries).

The definitive source for the exact regulations is the Bureau of Export
Administration, and their web site is at:

Specifically, if you look at the Encryption License Exemption Chart,

you can see that under "Unrestricted, encryption source code (open source
code)" that the only restriction is to not knowingly export to T7 countries.

The official response from MIT with respect to the export status of Kerberos
5 is that they have contacted their legal staff, and they have not yet given
them an answer.

However, Question 1.5 does list a non-US ftp site for Kerberos 5. The
legality of downloading Kerberos from this site is unknown.

User Contributions:

Comment about this article, ask questions, or add new information about this topic: