Re: Question on export issues

2008-01-07 Thread Sidney Markowitz
Ivan Krsti? wrote, On 6/1/08 1:33 PM: On Jan 3, 2008, at 10:47 PM, Peter Gutmann wrote: That's because there's nothing much to publish: In the US, notify the BIS via email. Our outside counsel -- specializing in this area -- thought this was insufficient That's the problem with using

Re: Question on export issues

2008-01-06 Thread Ivan Krstić
On Jan 3, 2008, at 10:47 PM, Peter Gutmann wrote: That's because there's nothing much to publish: In the US, notify the BIS via email. Our outside counsel -- specializing in this area -- thought this was insufficient. That said, thanks for all the feedback in the thread -- I'll pass the

Re: Question on export issues

2008-01-04 Thread Peter Gutmann
=?UTF-8?Q?Ivan_Krsti=C4=87?= [EMAIL PROTECTED] writes: 4) Essentially all open source projects use the TSU licensing exception. 5) Essentially none of them publish the details of their experience of the process of satisfying the export control requirements. That's because there's nothing much

Re: Question on export issues

2008-01-03 Thread Alan
On Sun, 2007-12-30 at 08:30 -0500, Richard Salz wrote: In my personal experience, if you are developing a mass-market item with conventional crypto (e.g., SSL, S/MIME, etc ) then it is fairly routine to get a commodity export license which lets you sell globally. Disclaimers abound,

Re: Question on export issues

2008-01-03 Thread Richard Salz
Is there some technology that they are so afraid of that they still won't let it ship or does it just matter who you are, not what it is? I wouldn't know for sure, but I am sure that who is asking permission does matter. /r$, sounding like his idol dan :) -- STSM, DataPower Chief

Re: Question on export issues

2008-01-02 Thread Florian Weimer
* Ivan Krstić: We've recently had to jump through the BIS crypto export hoops at OLPC. Our systems both ship with crypto built-in and, due to their Fedora underpinnings, allow end-user installation of various crypto libraries -- all open-source -- through our servers. It was a nightmare; the

Re: Question on export issues

2007-12-31 Thread Ivan Krstić
On Dec 30, 2007, at 12:06 AM, [EMAIL PROTECTED] wrote: never be permitted to export to the embargoed country list (Cuba, Iran, Sudan, Syria, North Korea, and Libya). Not Libya. See 15 C.F.R §740Spir[0], country group E: Cuba, Iran, North Korea, Sudan, Syria. Interestingly, 15 C.F.R.

Re: Question on export issues

2007-12-31 Thread Sidney Markowitz
Ivan Krsti? wrote, On 31/12/07 12:48 PM: We've recently had to jump through the BIS crypto export hoops at OLPC I find that very strange considering this from a BIS FAQ http://www.bis.doc.gov/encryption/encfaqs6_17_02.html all encryption source code that would be considered publicly

Re: Question on export issues

2007-12-30 Thread dan
Alan writes: -+ | What are the rules these days on crypto exports. Is a review | still required? If so, what gets rejected? | The following is a recent interaction with specialty export counsel, though somewhat modified as I detoxed it from base64 to ASCII plaintext and from

Re: Question on export issues

2007-12-30 Thread Richard Salz
In my personal experience, if you are developing a mass-market item with conventional crypto (e.g., SSL, S/MIME, etc ) then it is fairly routine to get a commodity export license which lets you sell globally. Disclaimers abound, including that I'm not a lawyer and certainly don't speak for

Question on export issues

2007-12-29 Thread Alan
What are the rules these days on crypto exports. Is a review still required? If so, what gets rejected? Just wondering... I have people at work ask me what the rules are and I have not kept up with them. If GnuPG can ship, what gets rejected? Is there some magic cryptotech I am not aware of?