[Cryptography] What should I put in notifications to NSA?
waywardgeek at gmail.com
Wed Dec 16 14:55:31 EST 2015
On Tue, Dec 15, 2015 at 8:29 PM, Phillip Hallam-Baker <phill at hallambaker.com
> I am working on staging the code for the Mesh on SourceForge.
> There is this bit to do:
> You must notify BIS and the ENC Encryption Request Coordinator via
> e-mail of the Internet location (e.g., URL or Internet address) of the
> publicly available encryption source code or provide each of them a
> copy of the publicly available encryption source code. If you update
> or modify the source code, you must also provide additional copies to
> each of them each time the cryptographic functionality of the source
> code is updated or modified. In addition, if you posted the source
> code on the Internet, you must notify BIS and the ENC Encryption
> Request Coordinator each time the Internet location is changed, but
> you are not required to notify them of updates or modifications made
> to the encryption source code at the previously notified location. In
> all instances, submit the notification or copy to crypt at bis.doc.gov
> and toenc at nsa.gov.
> What do folk normally do here? I was thinking of giving them the URL
> of the repository and a statement to the effect that by complying I do
> not wave my first amendment rights
> The cryptography mailing list
> cryptography at metzdowd.com
I don't think requiring registration of open-source crypto violates our
constitutional rights, but I know this is debatable. I'd just comply with
the law and send a simple email.
That said, I think I wrote a whole editorial piece in my last email like
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography