[cryptography] Interesting Webcrypto question

Arshad Noor arshad.noor at strongauth.com
Sun Mar 3 15:18:42 EST 2013


On 03/03/2013 11:34 AM, Paul Hoffman wrote:
>> You've now exported crypto to a restricted country.  What happens next?
>
> You ask a lawyer or a legislator, not a bunch of amateurs in the subject?
>

+1

As someone who personally reviewed hundreds of pages of EAR rules,
applied for and received License Exceptions for the export of our
key-management and PKI appliances, I would conjecture that crypto
in JavaScript would violate US export laws.  Companies/Individuals
that create crypto are restricted from shipping/selling it to
people even in the USA if they appear on the Denied Persons List:

http://www.bis.doc.gov/dpl/default.shtm

As is typical, my guess is that the law is trailing the technology
curve, explaining why the practice is not explicitly controlled.
But, in the US - and I suspect, many other nations - ignorance of
the law is not an excuse/alibi for breaking the law.

Arshad Noor
StrongAuth, Inc.



More information about the cryptography mailing list