Crypto and export laws
M.-A. Lemburg
mal at egenix.com
Fri Sep 25 04:50:58 EDT 2009
Austin Bingham wrote:
> I'm trying to get a handle on how python intersects with
> crypto-related export control laws in the US and elsewhere. My current
> understanding, per the PSF's wiki, is that any crypto related and
> potentially export-sensitive code is in the ssl wrapper, and that, in
> fact, this only links to the actual encryption implementation
> (presumably libssl or something.) One caveat is that windows
> installations may include the ssl implementation.
>
> Does this effectively sum up python's exposure to export laws? On a
> technical level, does removing the ssl module from a distribution
> remove all references to encryption? Of course I'm not asking for
> actual legal advice, but can anyone think of any other part of the
> code that might run afoul of export rules? Thanks.

Here's a summary:

* Python uses OpenSSL in the ssl module and the hashlib module.
* hashlib falls back to its own implementations of the md5 and
  sha algorithms.
* ssl doesn't work without OpenSSL installed on the system.
* The Windows installer of Python ships with the OpenSSL libs.
* The only Python module that actually contained crypto code
  was the rotor module (implementing an enigma-style cipher),
  but that was removed a long time ago.

Depending on how closely a country follows the Wassenaar
Arrangement (http://www.wassenaar.org/), OpenSSL, Python
and all other open-source software fall under the
GENERAL SOFTWARE NOTE part 2.:
"""
The Lists do not control "software" which is either:
1. ...
2. "In the public domain".
"""
If you're shipping a closed-source product that includes
OpenSSL, then you'd have to follow the rules in category 5
part 2 of the dual-use list:
http://www.wassenaar.org/publicdocuments/index_CL.html
However, some countries add some extra requirements to the
WA dual-use list, so you need to check those as well.
--
Marc-Andre Lemburg
eGenix.com
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
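
An added example, not part of the original message or of Python's own tooling: a small scanner that inventories a distribution tree for the pieces named in the summary above (OpenSSL libraries, the ssl/hashlib wrappers, built-in hash fallbacks), showing what remains once the ssl module is dropped. The filename patterns and the sample tree, including the placeholder DLL names, are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Filename patterns are assumptions about common CPython/OpenSSL layouts,
# not an authoritative list; adjust them for the build being audited.
CATEGORIES = {
    "openssl_library": ["libssl*", "libcrypto*", "libeay32*", "ssleay32*"],
    "openssl_wrapper": ["_ssl.*", "_hashlib.*", "ssl.py", "hashlib.py"],
    "builtin_hash": ["_md5.*", "_sha*.*"],
}

def classify(filename):
    """Return the category a file name falls into, or None."""
    name = filename.lower()
    for category, patterns in CATEGORIES.items():
        if any(fnmatch.fnmatchcase(name, p) for p in patterns):
            return category
    return None

def scan_distribution(root):
    """Walk a distribution tree and list crypto-related files per category."""
    findings = {category: [] for category in CATEGORIES}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            category = classify(filename)
            if category:
                rel = os.path.relpath(os.path.join(dirpath, filename), root)
                findings[category].append(rel.replace(os.sep, "/"))
    return {category: sorted(paths) for category, paths in findings.items()}

def build_sample_tree(root, include_ssl=True):
    """Create a constructed, empty-file layout resembling a Windows install."""
    files = ["python.exe", "Lib/os.py", "Lib/hashlib.py",
             "DLLs/_hashlib.pyd", "DLLs/libcrypto-placeholder.dll"]
    if include_ssl:
        files += ["Lib/ssl.py", "DLLs/_ssl.pyd", "DLLs/libssl-placeholder.dll"]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    for include_ssl in (True, False):
        with tempfile.TemporaryDirectory() as root:
            build_sample_tree(root, include_ssl)
            print("ssl module present:", include_ssl)
            for category, paths in scan_distribution(root).items():
                print("  %-16s %s" % (category, ", ".join(paths) or "-"))
```

In the constructed tree without the ssl files, the scan still reports hashlib's OpenSSL binding and the crypto library, which is the case the question about removing the ssl module turns on.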