On Mon, 2003-11-24 at 21:06, J Harper wrote: ...snip... > We're not looking for official legal advice, just some pointers to > current online resources of how to go about registering our product > in the US. I've seen posts that for SSL implementations you "just > need to send a letter to the government", but haven't come across > an official government checklist and address. ...snip
http://www.bxa.doc.gov/Encryption/ is the US Dept of Commerce site that has the regulations http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html has the details about what letter you send where for "Publicly Available" source code. You'll want to read the regulations to verify that the code does qualify as "publicly available", etc... No, I'm not a lawyer, and no, this was not legal advice. I am, however, an embedded software developer, and am looking forward to seeing the code :) I'm guessing the details of the software and license are already set, but just in case they aren't, I've got a couple of requests: 1) Not GPL or LPGL, please. I'm a fan of the GPL for most things, but for embedded software, especially in the security domain, it's a killer. I'm supposed to allow users to modify the software that runs on their secure token? And on a small platform where there won't be such things as loadable modules, or even process separation, the (L)GPL really does become viral. This is, I think, why Red Hat releases eCos under a non-GPL (but still open source) license. 2) Make it functional on systems without memory allocation. Did I mention that I work on (very) small embedded systems? Having fixed spaces for variables is useful when you want something to run deterministically for a long time with no resets, and I have yet to find a free bignum library that didn't want to use malloc all the time. Thanks in advance for the code release, -Bill --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]