On Dec 30, 2007, at 12:06 AM, [EMAIL PROTECTED] wrote:
never be permitted to export to the embargoed country
list (Cuba, Iran, Sudan, Syria, North Korea, and Libya).

Not Libya. See 15 C.F.R §740Spir[0], country group E: Cuba, Iran, North Korea, Sudan, Syria.

Interestingly, 15 C.F.R. §746.8[1] also lists Rwanda: "an embargo applies to the sale or supply to Rwanda of arms and related matériel of all types and regardless of origin, including weapons and ammunition." I am not a lawyer, and cannot tell whether this applies to encryption.

We've recently had to jump through the BIS crypto export hoops at OLPC. Our systems both ship with crypto built-in and, due to their Fedora underpinnings, allow end-user installation of various crypto libraries -- all open-source -- through our servers. It was a nightmare; the regulations and paperwork appear to be designed for the use case of individual applications that utilize a handful of primitives and attempt to keep the user from examining or modifying the utilized crypto. Trying to fit a Linux distribution into this model proved, er, challenging. (We also found that projects that we expected would know the drill cold, such as Fedora and Mozilla, were actually not very familiar with the processes involved.)


[0] http://www.access.gpo.gov/bis/ear/pdf/740spir.pdf
[1] http://www.access.gpo.gov/bis/ear/pdf/746.pdf

Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to