Yes, I spent a considerable amount of time reading the EAR stuff,
including 740.13, but was still left without any clear understanding
of whether we need to do anything.   Reading the qualifications under
5D002 isn't much clearer.   If we had the crypto code in our distribution,
it would be clear...

The post I sent to the openssl-users list basically said the same thing
that you did...  that it "doesn't hurt" to report it to the BXA, and it's
easy to do.

So, since I'm both a US citizen, and the person who wrote the code, I'm
the logical person to notify them.   I'll go ahead and do that...

On 14 Dec 2001, Carey Evans wrote:
> > Wow...  I have no idea what they're trying to say on this site.  I was
> > under the impression that since we don't do any cryptography in tn5250,
> > and since OpenSSL is a seperately-distributed item, we would not have
> > to deal with all of this.
> There seem to be quite a few assumptions that you know what they're
> talking about.  It makes slightly more sense when you look at 740.13
> and 772.1 in the linked PDF, but not much.
> I did find a statement on the AESCrypt home page where the BXA states
> that software built with OSS encryption components still has to be
> submitted to them:
> I also thought that since there's no restrictions on the export of
> open source software, we're better off letting them know when we
> didn't have to, than not letting them know when we should have.

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page