[good faith]
>
> OK. Is this explicitly stated somewhere, or is it an interpretation of
> regs? Has it been tested in court?
As far as I know it has not been tested in court. The regs on
export restricted web sites *do* explicitly mention good faith
effort. I think that the use of good faith in other areas, such as
that described, is an extension of that bit in the regs.
>
> I see where you are coming from. I still don't want to get involved in
> finding ways to _prevent_ export - that's just a distraction of
> expertise, and a futile task, but I'm more than happy to have people
> warrant that they haven't done anything they shouldn't have, though I
> don't promise I'm going to police that particularly vigorously - I
> certainly won't get in the way of anyone who wants to.
OK, I think that's all reasonable.
>
> I suspect that there are people around who are going to disagree on what
> can and can't be exported, though, and I really am not at all sure how
> we can judge who is correct. For starters, we already see one camp that
> says "any source in OpenSSL is unexportable", and another that says
> "non-crypto sources (e.g. ASN.1) are exportable". I have a feeling
> someone has also said that docco is unexportable except in printed form
> (which, of course, patches are, too, aren't they? Perhaps we should just
> find volunteers willing to transcribe faxed patches?).
Transcribing faxed patches isn't enough. It satisfied the
printed export loophole but it is still technical assistance. A
printed book needs to be 'published'. Ideally you'd do a run of a few
hundred, distribute it to libraries, etc. That's how PGP did it.
The problem is that if we use criteria X allowing export, yet
most people are using more restrictive criteria Y for export, then
they can't use OpenSSL. I think the way to go, given that the rules
are unconstitutionally vague, would be to follow, rather than
lead. Allow what other US companies allow with respect to export.
>
> Anyone got any suggestions as to how we resolve this?
My suggestion is that we find a US export lawyer (I know a few
=) willing to provide the group with some advice pro bono, and the
group can create guidelines based on that advice.
--
[EMAIL PROTECTED] 510 291 2283
The BPM Group http://www.bpm.ai/~sameer/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
