On Dec 31, 2007, at 3:32 PM, Sidney Markowitz wrote:
I find that very strange considering this from a BIS FAQ
What hoops did you have to jump through?

Here's one relevant excerpt from an internal e-mail exchange, as written up by a colleague:

"1) Encryption is a dual-use technology under the Wassenaar Agreement.
This means that it is illegal to export products containing
cryptographic technology without first satisfying the requirements of
the EAR (the export regulations).

2) There are several ways to satisfy the requirements of the EAR. Of
particular interest are the "Technologies and Software - Unrestricted"
(TSU) licensing exception, the "Encryption commodities and software"
(ENC) licensing exception, and the "mass market encryption" designation.

3) Our software contains both "Open Cryptographic Interfaces" and is
designed to be cryptographically extended by the end user. These two
features prohibit us from qualifying for either the 'ENC' licensing
exception or the mass-market encryption "No License Required" (NLR)

4) Essentially all open source projects use the TSU licensing exception.

5) Essentially none of them publish the details of their experience of
the process of satisfying the export control requirements.

6) I have not been able to locate any example responses to the
Encryption Questionnaire against which I can judge what level of detail
is required and how the 'third party components' question (no. 8) was

We encountered other hassles. I intend to ask our legal intern, who did a phenomenal job rounding this all up, to write up the process in some detail.


Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to