In my own research on strong crypto, I found out that US law allows strong crypto to be exported for open source software. That was some provision recently carved out in the last 10 years. I think there are some limitations and procedures wrapped around it -- like submitting the URL to the source code to the US Commerce Department -- but generally it's allowed. However, this isn't legal advice :-) and just my own understanding. I hope this helps.
With that said, I wouldn't commit any strong crypto code into Apache's SCM without first getting assurance from the IP folks. Paul On Wed, Oct 23, 2013 at 8:54 AM, Stefan Bodewig <bode...@apache.org> wrote: > On 2013-10-23, Mark Fortner wrote: > > > As you're probably aware, aes is export restricted. > > Commons Compress already has a crypto notice, see also > <http://www.apache.org/licenses/exports/> > > 7z uses 256bit AES when encrypting so if we want to provide code that > can read encrypted archives there is little choice which algorithms we > support :-) > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > > -- Cheers, Paul
