[Cryptography] NSA's FAQs Demystify the Demise of Suite B
Allen
allenpmd at gmail.com
Sun Feb 14 05:55:17 EST 2016
>
> The only folks who have to deal with US export controls on crypto these
> days, as I understand it, are those who build custom, proprietary
> software; or those who build hardware custom designed for
> cryptanalysis (like a DES cracker).
>
I don't think the U.S. Department of Commerce would agree with you. See
https://www.bis.doc.gov/index.php/policy-guidance/encryption
AFAIK, the only items that aren't covered by export controls are:
- Encryption using key length ≤ 56 symmetric / 512 asymmetric / 112
elliptic curve; or
- Limited to authentication, digital signature, or execution of
copy-protected software only
See the Commerce Control List, Export Control Classification Number (ECCN)
5A002, item (a) under "List of Items Controlled" which reads: "Systems,
equipment and components, for 'information security', as follows...". The
Commerce Control List is contained in Supplement No. 1 to Part 774 of Title
15 of the Code of Federal Regulations which can be found at
http://www.ecfr.gov/
If neither of the above apply, then US persons either have to register or
find a registration exemption and comply with the terms of the exemption,
which might include notification. That to me qualifies as "dealing with US
export controls".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160214/e72a6aa1/attachment.html>
More information about the cryptography
mailing list