Kyle Hamilton wrote: > Well, the question becomes: Which government are you trying to work > around the restrictions of? > > OpenSSL is open-source. In the United States, while it may fall under > the export class EI on the CCR, it also falls under export exemption > TSU (see http://www.access.gpo.gov/bis/ear/txt/740.txt (section > 740.13(e)(1)) and http://www.access.gpo.gov/bis/ear/txt/734.txt > (section 734.3(b)(3))). OpenSSL is not US-origin (it is Australia- > and United Kingdom-origin), and every new release has had the > notification requirement (734.3(e)(3)) met by the release manager. > > The US was, for a long time, considered the most hard-nosed of the > governments as related to cryptography. This changed in 2000. Finally we don't know what the actual circumstances are and it may well be that export restrictions apply. Please note that even though OpenSSL itself is open source it my be incorporated by static linking into an application that is not open source (the OpenSSL license does allow that) or it may be used on an (embedded) appliance. In both cases the export control regulations have to be considered for the final product not for the base technology. Been there, seen that.
Best regards, Lutz ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]