On 03/03/2013 01:41 PM, Adam Back wrote:
Dont tell me you still think you need permission to export RSA in perl to non-embargoed entities:
Open-source crypto that is downloadable from public-sites has a special designation in the EAR; you only need to notify the BIS and provide the download URL. While I cannot confirm this, US-companies that provide downloading capabilities - such as sourceforge.net - are required to comply with the EAR when the FOSS has crypto in it and are expected to restrict its distribution. I agree that this does not prevent individuals in permitted countries from downloading such open-source crypto and carrying it with them to embargoed countries/individuals - but at this point, as a US citizen, you will have broken the law. What happens after that is up to your lawyers and the USDOJ. I also agree that all this seems irrelevant considering that everyone has access to strong crypto in one form or another; but, even a stupid law is still the law. As a democracy, we have the ability to change it if its important enough to us, but when bigger issues are fumbled regularly, crypto-regulation should be the least of our problems. Its easier for small companies like ours to comply with it than fight it. Arshad Noor StrongAuth, Inc. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography