Dear Mr. Schwartz and Mr. Woods, Thank you both for your comments although it doesn't fully clear my concern. I am currently consulting with the Department of Commerce of the American Embassy in Japan, who said they will investigate the exportability for us. Our software used in the newly developed PDA is pretty much similar to any other PDAs that are commercially available, which means it is something that should not be a threat to the US government.
I would deeply appreciate if you would allow me to ask you again, should there be any further questions or problems regarding your technology. Thanks and regards, Seigo Tanaka ----- Original Message ----- From: "David Schwartz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; "'Seigo Tanaka'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]>; "'Yokoyama Hiroaki'" <[EMAIL PROTECTED]>; "'Sato Shinsuke'" <[EMAIL PROTECTED]> Sent: Friday, March 22, 2002 8:37 PM Subject: RE: Inquiry/US Export Regulations >It is my impression that the development of OpenSSL is done completely >outside the US (see http://www.openssl.org/about/ ) so that distribution of >the OpenSSL software is unencumbered by US export regulations. I expect you >would need to consult with an expert on Taiwanese law about their production >and export laws, and a similar expert on Japanese law about import >restrictions, if any. He only seemed interested in SHA1, which is not an encryption algorithm. Presuming he's not talking about encryption, I don't know of any country that has any export regulations that would affect him. However, he shouldn't be concerned about the exportability of OpenSSL, since that's not what he would be exporting. He should be concerned about the exportability of *his* program that uses OpenSSL. As I understand U.S. law (IANAL, but I've dealt with the BXA a lot) they don't care what bits you have inside, they just care what the whole thing does. For example, OpenSSL may be exportable without restriction, but a high-speed closed-source network data scrambler that provide data encryption with 2,048 bit RSA keys and 168-bit 3DES may not be, even if it happens to use OpenSSL internally to do the encryption. Why should it matter what bits are inside? DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
