[cryptography] Interesting Webcrypto question

Arshad Noor arshad.noor at strongauth.com
Sun Mar 3 17:10:06 EST 2013

On 03/03/2013 01:41 PM, Adam Back wrote:
> Don't tell me you still think you need permission to export RSA in Perl to
> non-embargoed entities:

Open-source crypto that is downloadable from public sites has a special
designation in the EAR; you only need to notify the BIS and provide the
download URL.  While I cannot confirm this, US companies that provide
downloading capabilities - such as sourceforge.net - are required to
comply with the EAR when the FOSS has crypto in it and are expected to
restrict its distribution.

I agree that this does not prevent individuals in permitted countries
from downloading such open-source crypto and carrying it with them to
embargoed countries/individuals - but at this point, as a US citizen,
you will have broken the law.  What happens after that is up to your
lawyers and the USDOJ.

I also agree that all this seems irrelevant considering that everyone
has access to strong crypto in one form or another; but, even a stupid
law is still the law.  As a democracy, we have the ability to change
it if it's important enough to us, but when bigger issues are fumbled
regularly, crypto-regulation should be the least of our problems.  It's
easier for small companies like ours to comply with it than fight it.

Arshad Noor
StrongAuth, Inc.

