MIDRANGE dot COM Mailing List Archive



Home » LINUX5250 » December 2001

Re: Re: BXA export notification



fixed

Yes, I spent a considerable amount of time reading the EAR stuff,
including 740.13, but was still left without any clear understanding
of whether we need to do anything.   Reading the qualifications under
5D002 isn't much clearer.   If we had the crypto code in our distribution,
it would be clear...

The post I sent to the openssl-users list basically said the same thing
that you did...  that it "doesn't hurt" to report it to the BXA, and it's
easy to do.

So, since I'm both a US citizen, and the person who wrote the code, I'm
the logical person to notify them.   I'll go ahead and do that...


On 14 Dec 2001, Carey Evans wrote:
>
> > Wow...  I have no idea what they're trying to say on this site.  I was
> > under the impression that since we don't do any cryptography in tn5250,
> > and since OpenSSL is a seperately-distributed item, we would not have
> > to deal with all of this.
>
> There seem to be quite a few assumptions that you know what they're
> talking about.  It makes slightly more sense when you look at 740.13
> and 772.1 in the linked PDF, but not much.
>
> I did find a statement on the AESCrypt home page where the BXA states
> that software built with OSS encryption components still has to be
> submitted to them:
>
>     http://aescrypt.sourceforge.net/
>
> I also thought that since there's no restrictions on the export of
> open source software, we're better off letting them know when we
> didn't have to, than not letting them know when we should have.
>







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact