
Re: USA crypto rules and libssl-dependent packages



> Really? I am not doing any static linking with libssl, only dynamic, so I
> don't believe that I am including any crypto.

I'm not sure that that matters.  The BXA refers to "Open Cryptographic
Interfaces".  My understanding was that any software which contained hooks
to call other software which actually performed encryption was regulated
as if it contained the encryption itself, since it contains an implementation
of a cryptographic interface.

> > Probably. It's my theory that the software is no longer export restricted
> > once you make the BXA notification.

That's not true.  See here:

http://www.bxa.doc.gov/Encryption/lechart1.html

Under the category 'Unrestricted source code ("open source")' it contains
an additional restriction 'may not knowingly export to the T-7'.  T-7
is defined as: Cuba, Iran, Iraq, Libya, North Korea, Syria, and Sudan.

Our FTP servers do not block these countries, so I don't know if we
would still be considered compliant under these rules.  I think it's
safer to leave everything in non-US.

Eric


