Austin L. Gosling ([EMAIL PROTECTED]) typed this on Thu, Mar 26, 1998 at
12:20:14PM -0500:
>
>
> Eduardo Marcel Macan wrote:
>
> > On Thu, 26 Mar 1998 [EMAIL PROTECTED] wrote:
> >
> > > I have a product (GPL) which I can't export because it uses encryption
> > > software, and I'm a US citizen, and I wrote it in the US.
> >
> > If you use a library (SSLeay) to perform all the dirty work of encription/
> > decription and distribute your software in source form, not including
> > the library itself. Is it still ilegal? If not I could provide you with
> > a non-us site to store it, if you want.
> >
> > It's something I always asked myself, because software written using SSLeay
> > and distributed without it does not contain any crypto code at all.
> > Could some US citizen answer that to me?
> >
> > Thanks...
>
> I'm a US citizen, but that certainly doesn't qualify me to give an official
> answer to this question. I have, however, studied Schneier's book "Applied
> Cryptography" and other sources on this problem, and it seems to me that you
> are right. If the software does not contain cryptographic algorithms, it cannot
> be classified as "munitions", and thus does not fall under the export
> restrictions. That's the way I see it, but of course, I don't know what the No
> Such Agency would think.
My company has been trying to get export approval for some programs
that use crippled encryption, while shipping a strong encryption
version in the US. This does not make me an expert, but my
understanding is that if you make it trivial to replace weak
encryption with strong in a product, you can't export it legally.
By the precedent set by Schneier's book, though, I would expect that
you could ship a printed copy of the source to someone outside the
US, have them type it in and compile, and off you go.
Good luck!
--Kurt
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
