[Cryptography] What should I put in notifications to NSA?
drwho at virtadpt.net
Mon Dec 21 13:51:00 EST 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Sat, 19 Dec 2015 17:39:54 -0500
"Kevin W. Wall" <kevin.w.wall at gmail.com> wrote:
> But could that be that while Project Byzantium _used_ OpenSSL, it did
> not package up OpenSSL as part of it's distribution (including being
> statically compiled against OpenSSL)?
That is absolutely correct.
The reason we asked legal counsel for guidance is because none of us are lawyers. Due to the fact that we linked a bunch of stuff against OpenSSL, and would be distributing a Linux distribution that incorporated OpenSSL on an international basis, we wanted to avoid as much legal trouble as possible. To put it another way, we didn't want to risk going to jail because we did not carry out due dilligence.
> I would think in such cases there would be no issue since you not actually
> delivering any crypto to anyone yourself.
You would think that; we mostly thought that. But 'think' and 'legal experts say $foo' are two different things.
tl;dr - We aren't lawyers, so we asked a lawyer who knew the ins and outs of this area of law.
The Doctor [412/724/301/703/415] [ZS]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
"I am not an atomic playboy!" --Future Crew, _Second Reality_
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the cryptography