[botan-devel] Export considerations for redistributing botan libraries

Jack Lloyd lloyd at randombit.net
Tue Oct 23 08:27:52 EDT 2012


I am not an export lawyer (thankfully) but my understanding is that
current (since the Clinton era) crypto export regulations mostly do
not apply to open source software. The primary thing that is required
is notifying the BIS of where you are making the software available
(this is only required once, when you make the initial release
public). I know when I did it I just had to send them an email, but I
don't know what the notification process looks like today.

If you want to export hardware or closed source software I believe
this generally requires an export license from the Department of
Commerce and typically some kind of review though I do not know the
details. It sounds like this would not apply to your project though.

The DoC page http://www.bis.doc.gov/encryption/default.htm presumably
has the latest requirements and has instructions for determining
if you would need a review or license.

-Jack


On Tue, Oct 23, 2012 at 07:42:57AM -0400, Rick McGuire wrote:
> We're considering adding botan-enabled cryptography to the ooRexx open
> source project, but we're a bit concerned about what steps we might need to
> take to be compliant with US export regulations with respect to
> cryptography software.  Is there any guidance available for going through
> this process?  This is a project with a very small community and very few
> resources to draw upon, so if there are lots of hoops to jump through, we
> might have consider dropping this support.
> 
> Rick

> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel




More information about the botan-devel mailing list