Open Source Embedded SSL - Export Questions
billtlists at icarion.com
Tue Nov 25 20:54:55 EST 2003
On Mon, 2003-11-24 at 21:06, J Harper wrote:
> We're not looking for official legal advice, just some pointers to
> current online resources of how to go about registering our product
> in the US. I've seen posts that for SSL implementations you "just
> need to send a letter to the government", but haven't come across
> an official government checklist and address.
is the US Dept of Commerce site that has the regulations
has the details about what letter you send where for "Publicly
Available" source code. You'll want to read the regulations to verify
that the code does qualify as "publicly available", etc...
No, I'm not a lawyer, and no, this was not legal advice.
I am, however, an embedded software developer, and am looking forward to
seeing the code :) I'm guessing the details of the software and license
are already set, but just in case they aren't, I've got a couple of
1) Not GPL or LPGL, please. I'm a fan of the GPL for most things, but
for embedded software, especially in the security domain, it's a
killer. I'm supposed to allow users to modify the software that runs on
their secure token? And on a small platform where there won't be such
things as loadable modules, or even process separation, the (L)GPL
really does become viral. This is, I think, why Red Hat releases eCos
under a non-GPL (but still open source) license.
2) Make it functional on systems without memory allocation. Did I
mention that I work on (very) small embedded systems? Having fixed
spaces for variables is useful when you want something to run
deterministically for a long time with no resets, and I have yet to find
a free bignum library that didn't want to use malloc all the time.
Thanks in advance for the code release,
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography