On 01/10/2016 23:01, Jeffrey Walton wrote: >>>> Is there something more I should do on this issue? I recall the OpenSSL >>>> terms of use strongly discouraged people from the US from helping, due to US >>>> export restrictions. >>> That's kinda outdated. >> However there are very many OpenSSL users (myself included) >> who rely on the legal status of OpenSSL/SSLeay as having no >> US origin parts. If this has changed, it needs a big red >> banner at the top of the www.openssl.org, every affected >> source file with the original EAY copyright boilerplate or >> its OpenSSL clone etc. > That's kind of interesting. Are you saying there are countries where > you can source and import your crypto from some countries, but not > other countries? I'm not sure about that either. Part of my point is that when *exporting* or *reexporting* products that include OpenSSL code, the various filings (including DoC/BIS as it happens) tend to include declarations related to the country of origin of the cryptographic software. Therefore (and for other reasons) it is very disconcerting if a project such as OpenSSL, which is actually famous for its non-US origin, silently changes its country of origin. > As I understand the US procedures from working with DoC and BIS, you > don't need an import license (only an export license). But I'd be > interested in hearing how some countries are trying to control the > crypto from the import side of the equation. > > More humorously, does import versus export even matter? The crypto > genie is out of the bottle. It can't be put back. Unfortunately, governments tend to disagree, and we can't all afford to ignore ill-conceived laws. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded
