Lutz Jaenicke wrote: >There are three things to take care of: >*Legality of using encryption: > you can build and use any kind of cryptographic software in the US. > If you ship sources to the world outside the USA, you have to inform > the government of this fact (it does not require a permit, you just > have to inform then once by). If you export binaries, you still need > a permit, that however shall now be easy to obtain. > That's how I understood the situation. I am german. I am living in Germany. > I write OpenSource. I thus don't have to care.
Trying to understand U.S. government controls on the export of strong encryption is a bit of mystifying experience. The good news is that (generally) until 1998, this was illegal. Now, it is possible, but the path to success is buried in a maze of regulations. At the time of this writing, it is anticipated that rules are again going to change in mid 2002. That having been said, I'll offer my two cents on where to find information on the subject. An excellent matrix explaining licensing may be your best bet for understanding the issues. (http://www.t-b.com/matrix.html) However, the matrix may not be entirely clear without chasing down the EAR regs. The US Dept of Commerce Commercial Encryption Export Controls page (http://www.bxa.doc.gov/Encryption/guidance.htm) is the official place to start. It has a license exception chart (http://www.bxa.doc.gov/Encryption/lechart1.html), and help on public open source procedures (http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html). Study the export regulations (http://w3.access.gpo.gov/bis/ear/ear_data.html) and try to understand the mess. Failing that, try some other sites like EPIC (http://www.epic.org/), Center for Democracy and Technology (http://www.cdt.org/crypto/), and the Electronic Frontier Foundation (http://www.eff.org/). If you are releasing open source code on the Internet free of charge, then you should be well-informed at this point. However, if any money is to be made on the source or object code, either by you or one of your customers, then you really need expert help. Expert help usually results in at least a $3000 bill for a license exception request, so be ready. David ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
