[Cryptography] What should I put in notifications to NSA?

Collin Anderson collin at averysmallbird.com
Thu Dec 17 18:01:35 EST 2015

On Thu, Dec 17, 2015 at 1:21 PM, The Doctor <drwho at virtadpt.net> wrote:

> Due to the fact that we did not write our own crypto code (we used OpenSSL
> and applications which relied upon OpenSSL) we did not need to do this.
> The advice we were given was that, due to the fact that we did not write
> crypto code of our own, and we were using someone else's that had been
> packaged by yet someone else (two someone elses, actually - from Slackware
> to Porteus Linux to us, the code did flow) this set of regulations did not
> apply to our project.

I am not confident that distinction exists according to the EAR. I believe
the utilization of third party libraries still leads to the software being
classified under encryption export control when the item is considered an
information security or communications product.

*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151217/95e959f8/attachment.html>

More information about the cryptography mailing list