[Cryptography] What should I put in notifications to NSA?
Collin Anderson
collin at averysmallbird.com
Thu Dec 17 18:01:35 EST 2015
On Thu, Dec 17, 2015 at 1:21 PM, The Doctor <drwho at virtadpt.net> wrote:
> Due to the fact that we did not write our own crypto code (we used OpenSSL
> and applications which relied upon OpenSSL) we did not need to do this.
> The advice we were given was that, due to the fact that we did not write
> crypto code of our own, and we were using someone else's that had been
> packaged by yet someone else (two someone elses, actually - from Slackware
> to Porteus Linux to us, the code did flow) this set of regulations did not
> apply to our project.
>
I am not confident that distinction exists according to the EAR. I believe
the utilization of third party libraries still leads to the software being
classified under encryption export control when the item is considered an
information security or communications product.
https://www.bis.doc.gov/index.php/policy-guidance/encryption/encryption-faqs#7
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20151217/95e959f8/attachment.html>
More information about the cryptography
mailing list