On Tue, Oct 30, 2001 at 03:07:07PM -0500, Jeremy Hylton wrote:
GH> So, as long as there are no actual cryptographic algorithms in GH> the Python source tree, but only hooks for OpenSSL, there's no GH> problem?
I don't think the export control regs work that way. Crypto-with-a-hole (that is, an API without the actual crypto implementation) is still considered crypto as far as I know.
The regulations are pretty simple these days for Open Source projects. Just send a note to the BXA (Commerce Dept.) with the URL to the source.
I wonder if it's wise to do this for Python, since it has an SSL interface (albeit a clunky one).
Looks like it would (formally) be required, looking thru this text: http://www.bxa.doc.gov/Encryption/EncryptionRuleOct2K.html I better stop reading crypo law texts now >:-< Gerhard -- mail: gerhard <at> bigfoot <dot> de registered Linux user #64239 web: http://www.cs.fhm.edu/~ifw00065/ OpenPGP public key id 86AB43C0 public key fingerprint: DEC1 1D02 5743 1159 CD20 A4B6 7B22 6575 86AB 43C0 reduce(lambda x,y:x+y,map(lambda x:chr(ord(x)^42),tuple('zS^BED\nX_FOY\x0b')))