Thanks for the reply. I'm aware of the limitations of this approach.
foolproof or accurate. I'm only intending to satisfy a demand to "do
something". We already dictate export requirements in the EULA, but
we need to also attempt to block the embargoed countries.
Post by Kevin BlackhamIs there a prefix list available listing the IP space of cryptographic
export restricted countries? My google skills are failing me. I'm
required to apply a ban on North Korea, Iran, Syria, Sudan and Cuba.
I am pretty sure that while you can get a list of IP addresses
"currently" being used, you know (as well as I do) that those
can/will change, and NAT/Proxies make it nearly impossible
to really enforce this. So while it can be something to
do, it is not going to be complete.
I am pretty sure you need something like a "click-through"
for people to say they agree they are not citizens of those
countries, and agree not to export to them (same as Cisco
and others do).
In any case, check with your lawyers are to the actual
acceptable practices. They are the ones who will need
to defend your company if/when the software gets to
the "evil-doers" (and it will, if they want it, and
we all know it), and someone decides you should have
done more and decides to sue.
(The ITAR (and equivalent) restriction laws are complex,
and you want to make sure you get it right, since you
do not want to be the "designated felon" as our lawyers
likes to call the guy who is responsible for compliance
and will be the one the feds go after if the software
or information gets to the "wrong" groups. So, make
sure someone else is the "designated felon".)
Gary