Question on export issues

Ivan Krstić krstic at
Mon Dec 31 17:46:44 EST 2007

On Dec 31, 2007, at 3:32 PM, Sidney Markowitz wrote:
> I find that very strange considering this from a BIS FAQ
> What hoops did you have to jump through?

Here's one relevant excerpt from an internal e-mail exchange, as  
written up by a colleague:

"1) Encryption is a dual-use technology under the Wassenaar Agreement.
This means that it is illegal to export products containing
cryptographic technology without first satisfying the requirements of
the EAR (the export regulations).

2) There are several ways to satisfy the requirements of the EAR. Of
particular interest are the "Technologies and Software - Unrestricted"
(TSU) licensing exception, the "Encryption commodities and software"
(ENC) licensing exception, and the "mass market encryption" designation.

3) Our software contains both "Open Cryptographic Interfaces" and is
designed to be cryptographically extended by the end user. These two
features prohibit us from qualifying for either the 'ENC' licensing
exception or the mass-market encryption "No License Required" (NLR)

4) Essentially all open source projects use the TSU licensing exception.

5) Essentially none of them publish the details of their experience of
the process of satisfying the export control requirements.

6) I have not been able to locate any example responses to the
Encryption Questionnaire against which I can judge what level of detail
is required and how the 'third party components' question (no. 8) was

We encountered other hassles. I intend to ask our legal intern, who  
did a phenomenal job rounding this all up, to write up the process in  
some detail.


Ivan Krstić <krstic at> |

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list