Subject: Re: Exporting Crypto in Practice
From: Frank Hecker <frank@collab.net>
Date: Mon, 11 Dec 2000 10:49:53 -0500

Ben Laurie wrote:
> Frank Hecker wrote:
<snip>
> > Software which consists _only_ of open source code can
> > be exported from the U.S. with minimal restrictions and no need for
> > formal classification by BXA. We have been doing this in the Mozilla
> > project for quite some time; see
> 
> I thought the issue was that Immunix is not completely open source (at
> least, that's what Crispin told me a few weeks ago).

If Immunix is not completely open source then unfortunately you can't
use the EAR 740.13(e) exemption for Immunix considered as a whole.
However you could potentially separate out the proprietary parts from
the open source parts (e.g., as separately downloadable RPMs), release
the open source parts as previously described, and apply for BXA
classification of the proprietary parts, if they in fact include
encryption functionality.

But I really don't know enough about the situation to advise further;
with regard to export of proprietary encryption software people really
should consult a lawyer with expertise in the area.

Frank
-- 
Frank Hecker            work: http://www.collab.net/
frank@collab.net        home: http://www.hecker.org/