On 01/10/2016 23:01, Jeffrey Walton wrote:
Is there something more I should do on this issue?  I recall the OpenSSL
terms of use strongly discouraged people from the US from helping, due to US
export restrictions.
That's kinda outdated.
However there are very many OpenSSL users (myself included)
who rely on the legal status of OpenSSL/SSLeay as having no
US origin parts.  If this has changed, it needs a big red
banner at the top of the www.openssl.org, every affected
source file with the original EAY copyright boilerplate or
its OpenSSL clone etc.
That's kind of interesting. Are you saying there are countries where
you can source and import your crypto from some countries, but not
other countries?
I'm not sure about that either.  Part of my point is that when
*exporting* or *reexporting* products that include OpenSSL code,
the various filings (including DoC/BIS as it happens) tend to
include declarations related to the country of origin of the
cryptographic software.

Therefore (and for other reasons) it is very disconcerting if a
project such as OpenSSL, which is actually famous for its non-US
origin, silently changes its country of origin.

As I understand the US procedures from working with DoC and BIS, you
don't need an import license (only an export license). But I'd be
interested in hearing how some countries are trying to control the
crypto from the import side of the equation.

More humorously, does import versus export even matter? The crypto
genie is out of the bottle. It can't be put back.
Unfortunately, governments tend to disagree, and we can't all
afford to ignore ill-conceived laws.



Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to