Question on export issues

Ivan Krstić krstic at
Sun Dec 30 18:48:13 EST 2007

On Dec 30, 2007, at 12:06 AM, dan at wrote:
> never be permitted to export to the embargoed country
> list (Cuba, Iran, Sudan, Syria, North Korea, and Libya).

Not Libya. See 15 C.F.R §740Spir[0], country group E: Cuba, Iran,  
North Korea, Sudan, Syria.

Interestingly, 15 C.F.R. §746.8[1] also lists Rwanda: "an embargo  
applies to the sale or supply to Rwanda of arms and related matériel  
of all types and regardless of origin, including weapons and  
ammunition." I am not a lawyer, and cannot tell whether this applies  
to encryption.

We've recently had to jump through the BIS crypto export hoops at  
OLPC. Our systems both ship with crypto built-in and, due to their  
Fedora underpinnings, allow end-user installation of various crypto  
libraries -- all open-source -- through our servers. It was a  
nightmare; the regulations and paperwork appear to be designed for the  
use case of individual applications that utilize a handful of  
primitives and attempt to keep the user from examining or modifying  
the utilized crypto. Trying to fit a Linux distribution into this  
model proved, er, challenging. (We also found that projects that we  
expected would know the drill cold, such as Fedora and Mozilla, were  
actually not very familiar with the processes involved.)



Ivan Krstić <krstic at> |

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list