[Cryptography] What should I put in notifications to NSA?

[Bill Cox]

On Tue, Dec 15, 2015 at 8:29 PM, Phillip Hallam-Baker <phill at hallambaker.com
> wrote:

> I am working on staging the code for the Mesh on SourceForge.
>
> https://sourceforge.net/projects/mathematicalmesh/
>
> There is this bit to do:
>
> You must notify BIS and the ENC Encryption Request Coordinator via
> e-mail of the Internet location (e.g., URL or Internet address) of the
> publicly available encryption source code or provide each of them a
> copy of the publicly available encryption source code. If you update
> or modify the source code, you must also provide additional copies to
> each of them each time the cryptographic functionality of the source
> code is updated or modified. In addition, if you posted the source
> code on the Internet, you must notify BIS and the ENC Encryption
> Request Coordinator each time the Internet location is changed, but
> you are not required to notify them of updates or modifications made
> to the encryption source code at the previously notified location. In
> all instances, submit the notification or copy to crypt at bis.doc.gov
> and toenc at nsa.gov.
>
>
> What do folk normally do here? I was thinking of giving them the URL
> of the repository and a statement to the effect that by complying I do
> not wave my first amendment rights
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography


I don't think requiring registration of open-source crypto violates our
constitutional rights, but I know this is debatable.  I'd just comply with
the law and send a simple email.

That said, I think I wrote a whole editorial piece in my last email like
this :)

Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151216/eaf3be3d/attachment.html>