PLEASE NOTE: I am not a lawyer. If you need the opinion of one, ask one. However, a clear reading appears to state that you just have to send a copy of the source code (or a URL to obtain the source code) to [EMAIL PROTECTED] and [EMAIL PROTECTED] Please see Export Administration Regulations Section 740-13(e), and http://bxa.doc.gov/encryption/PubAvailEncSourceCodeNofify.html
Its ECCN would normally be 5D002, but since it's publicly-available source code it is under exemption TSU, provided the notification requirements are met. Or so it reads to me. -Kyle H On 3/7/06, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > OpenSSL, as open-source software, falls under export exemption TSU. > Reference 15 CFR Parts 734, 740, 742, 770, 772, and 774. > > This information is taken from > http://www.epic.org/crypto/export_controls/regs_1_00.html: > > 3. Also in ยง740.13, to, in part, take into account the "open source" > approach to software development, unrestricted encryption source code > not subject to an express agreement for the payment of a licensing fee > or royalty for commercial production or sale of any product developed > using the source code can, without review, be released from "EI" > controls and exported and reexported under License Exception TSU. > Intellectual property protection (e.g., copyright, patent, or > trademark) would not, by itself, be construed as an express agreement > for the payment of a licensing fee or royalty for commercial > production or sale of any product developed using the source code. To > qualify, exporters must notify BXA of the Internet location (e.g., URL > or Internet address) or provide a copy of the source code by the time > of export. These notifications are only required for the initial > export; there are no notification requirements for end-users > subsequently using the source code. Notification can be made by e-mail > to [EMAIL PROTECTED] > > On 3/7/06, Dr. Uwe Girlich <[EMAIL PROTECTED]> wrote: > > Hello! > > > > I'm working for Siemens and we deliver OpenSSL 0.9.8 as part of a big Telco > > product. To export this whole product, we need ECCN numbers and possible TSU > > exceptions with CCATS numbers for all components and as such also for > > OpenSSL. > > > > Browsing through your mailing archive, I found mails like > > http://www.mail-archive.com/openssl-dev@openssl.org/msg20741.html > > These mails with "TSU notifications" would suggest, that you already are in > > contact with BIS and NSA. > > > > Could you please confirm, that the ECCN for OpenSSL is in fact 5D002 and > > give > > me the CCATS number. Such a CCATS number is only valid for a particular > > release. > > With every patch you send to BIS and NSA, you generate a new one. Why don't > > you simply announce the web site as a whole and request a general TSU > > exception > > number? > > > > Regards, Uwe Girlich > > > > -- > > Dr. Uwe Girlich email: [EMAIL PROTECTED] > > Philosys Software GmbH www: www.philosys.de > > Edisonstrasse 6 phone: +49 89 321407-44 > > D-85716 Unterschleissheim fax: +49 89 321407-12 > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > Development Mailing List openssl-dev@openssl.org > > Automated List Manager [EMAIL PROTECTED] > > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
