http://www.access.gpo.gov/bis/ear/txt/ccl5-pt2.txt:
--------------------------------
a.1. Designed or modified to use
"cryptography" employing digital techniques
performing any cryptographic function other than
authentication or digital signature having any of
the following:
--------------------------------
Since it's only for authentication (isn't that the case?), are we ok?
On 2/21/07, Mike Kienenberger <mkienen..mail.com> wrote:
> On 2/21/07, Michael Gentry <blacknex..mail.com> wrote:
> > So, in my opinion, we aren't providing encryption. We are providing a
> > hook for an end-user (like me) to add to the product (Cayenne) the
> > ability to have a strongly encrypted database password
>
> From http://www.apache.org/licenses/exports/:
> ========================================
> Products classified as ECCN 5D002, are exported by the ASF under the
> TSU exception in EAR 740.13(e), which applies to software containing
> or designed for use with encryption software that is publicly
> available as open source.
> ========================================
>
> On the other hand, Roy also wrote:
> ==============
> As far as timing goes, the notice should be sent as soon as
> it becomes clear that the product will eventually contain code
> that is designed for a given 5D002 product (i.e., anything that
> uses encryption for purposes other than mere authentication).
> ==============
>
> So I think we need a ruling from ASF legal (probably either Roy or Cliff).
>
This archive was generated by hypermail 2.0.0 : Wed Feb 21 2007 - 22:42:42 EST