|
Yes, I spent a considerable amount of time reading the EAR stuff, including 740.13, but was still left without any clear understanding of whether we need to do anything. Reading the qualifications under 5D002 isn't much clearer. If we had the crypto code in our distribution, it would be clear... The post I sent to the openssl-users list basically said the same thing that you did... that it "doesn't hurt" to report it to the BXA, and it's easy to do. So, since I'm both a US citizen, and the person who wrote the code, I'm the logical person to notify them. I'll go ahead and do that... On 14 Dec 2001, Carey Evans wrote: > > > Wow... I have no idea what they're trying to say on this site. I was > > under the impression that since we don't do any cryptography in tn5250, > > and since OpenSSL is a seperately-distributed item, we would not have > > to deal with all of this. > > There seem to be quite a few assumptions that you know what they're > talking about. It makes slightly more sense when you look at §740.13 > and §772.1 in the linked PDF, but not much. > > I did find a statement on the AESCrypt home page where the BXA states > that software built with OSS encryption components still has to be > submitted to them: > > http://aescrypt.sourceforge.net/ > > I also thought that since there's no restrictions on the export of > open source software, we're better off letting them know when we > didn't have to, than not letting them know when we should have. >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.