North American Network Operators Group

Re: [Nanog] Crypto export restricted prefix list
Thanks for the reply. I'm aware of the limitations of this approach. For the same reasons you stated (proxy etc), I don't expect this to be foolproof or accurate. I'm only intending to satisfy a demand to "do something". We already dictate export requirements in the EULA, but we need to also attempt to block the embargoed countries.

On 4/22/08, Buhrmaster, Gary <[email protected]> wrote:
>
> > Is there a prefix list available listing the IP space of cryptographic
> > export restricted countries? My google skills are failing me. I'm
> > required to apply a ban on North Korea, Iran, Syria, Sudan and Cuba.
>
> I am pretty sure that while you can get a list of IP addresses
> "currently" being used, you know (as well as I do) that those
> can/will change, and NAT/Proxies make it nearly impossible
> to really enforce this. So while it can be something to
> do, it is not going to be complete.
>
> I am pretty sure you need something like a "click-through"
> for people to say they agree they are not citizens of those
> countries, and agree not to export to them (same as Cisco
> and others do).
>
> In any case, check with your lawyers as to the actual
> acceptable practices. They are the ones who will need
> to defend your company if/when the software gets to
> the "evil-doers" (and it will, if they want it, and
> we all know it), and someone decides you should have
> done more and decides to sue.
>
> (The ITAR (and equivalent) restriction laws are complex,
> and you want to make sure you get it right, since you
> do not want to be the "designated felon" as our lawyers
> like to call the guy who is responsible for compliance
> and will be the one the feds go after if the software
> or information gets to the "wrong" groups. So, make
> sure someone else is the "designated felon".)
>
> Gary
>