On Sun, Mar 3, 2013 at 3:18 PM, Arshad Noor <[email protected]> wrote: > On 03/03/2013 11:34 AM, Paul Hoffman wrote: >>> >>> You've now exported crypto to a restricted country. What happens next? >> >> >> You ask a lawyer or a legislator, not a bunch of amateurs in the subject? >> > > +1 > > As someone who personally reviewed hundreds of pages of EAR rules, > applied for and received License Exceptions for the export Have you spoken to Anita? She is very helpful :)
> key-management and PKI appliances, I would conjecture that crypto > in JavaScript would violate US export laws. Key management may or may not be covered by export controls. It depends on whether you are using encryption. You can perform key agreement (Diffie-Hellman) and not require an export license. But if you key a block cipher with the shared secret, you will need a license. If you are doing key transport (RSA), then you would need a license. EAP-PSK, with its underlying block cipher, also requires a license. Authentication does not require a license. > Companies/Individuals > that create crypto are restricted from shipping/selling it to > people even in the USA if they appear on the Denied Persons List: > > http://www.bis.doc.gov/dpl/default.shtm I believe you can ship to banned countries/individuals, but you need a license that is administered by both Department of Commerce and State Department. Cookie cutter licenses to get approved for the App Store usually don't fall under joint jurisdiction. Jeff _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
