Hi Scott, thanks for your answer. You´re right as long as Apache XML Security is not specially "designed or modified for the development, production or use" of other export controlled crypto-software. If not, Apache XML Security is controlled under ECCN 5D002a (see http://www.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf, page 6) and you should notify BIS (Bureau of Industry and Security) to be able to use license exception TSU (§ 740.13 EAR) and to avoid violations of US export control law.
Could you please let me know, which alternative is true for Apache XML security and, if it is 5D002 if/when you notified BIS? Rgds Michelle -------- Original-Nachricht -------- > Datum: Mon, 3 Aug 2009 09:40:21 -0400 > Von: "Scott Cantor" <canto...@osu.edu> > An: security-dev@xml.apache.org > Betreff: RE: export control > Michelle Meyer wrote on 2009-08-03: > > Hi, > > > > I posted a question concerning export control on 17th of July and still > got > > no answer. I guess it is just the wrong mailing list. May anybody help > and > > tell me where to I should adress my request. Thank you yo much! > > Neither library includes any cryptography code, they depend on other > libraries for that. I don't think they're export controlled as a result. > > -- Scott > > -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
