Kyle Hamilton wrote:
> Well, the question becomes: Which government are you trying to work
> around the restrictions of?
>
> OpenSSL is open-source. In the United States, while it may fall under
> the export class EI on the CCR, it also falls under export exemption
> TSU (see http://www.access.gpo.gov/bis/ear/txt/740.txt (section
> 740.13(e)(1)) and http://www.access.gpo.gov/bis/ear/txt/734.txt
> (section 734.3(b)(3))). OpenSSL is not US-origin (it is Australia-
> and United Kingdom-origin), and every new release has had the
> notification requirement (734.3(e)(3)) met by the release manager.
>
> The US was, for a long time, considered the most hard-nosed of the
> governments as related to cryptography. This changed in 2000.
Finally we don't know what the actual circumstances are and
it may well be that export restrictions apply.
Please note that even though OpenSSL itself is open source it
my be incorporated by static linking into an application that
is not open source (the OpenSSL license does allow that) or it
may be used on an (embedded) appliance. In both cases the
export control regulations have to be considered for the final
product not for the base technology.
Been there, seen that.
Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
