Question on export classification of BC library

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Question on export classification of BC library

Gerrit Leder
 --------------------------------------------------------------
       From: Gerrit Leder <[hidden email]>
         To: [hidden email]
    Subject: Question on export classification of BC library  

Hi all,

I want to integrate BC as a security provider and library into my java project.
Then I want to use Digest algorithm SHA3 for my digital signature system here:

Will my software become "classified under ECCN code 5D002 and approved for export under License Exception TSU", too?

Then I would have to answer sourceforge the question:
 This project incorporates, accesses, calls upon or otherwise uses encryption software with a symmetric key length greater than 64 bits ("encryption"). This review does not include products that use encryption for authentication only.

Right?

Can anybody comment on this, please?

Thanks in advance!
Gerrit
 --------------------------------------------------------------  
Reply | Threaded
Open this post in threaded view
|

Re: Question on export classification of BC library

Arshad Noor
You should likely speak to a lawyer who knows the US law in this
respect or, at least, read up on published regulations at the USBIS
site (https://www.bis.doc.gov/), Gerrit.

In any case, I get the impression that you are of German origin; if
you produced your software - and hosted its download - outside the US,
then US law does not apply to you.

Arshad Noor
StrongAuth, Inc.


On 12/05/2016 07:16 AM, Gerrit Leder wrote:

>  --------------------------------------------------------------
>        From: Gerrit Leder <[hidden email]
> <mailto:[hidden email]>>
>          To: [hidden email]
> <mailto:[hidden email]>
>     Subject: Question on export classification of BC library
>
> Hi all,
>
> I want to integrate BC as a security provider and library into my java
> project.
> Then I want to use Digest algorithm SHA3 for my digital signature system
> here:
> https://sourceforge.net/projects/gmr-digital-signature/?source=updater
>
> Will my software become "classified under ECCN code 5D002 and approved
> for export under License Exception TSU", too?
>
> Then I would have to answer sourceforge the question:
>  This project incorporates, accesses, calls upon or otherwise uses
> encryption software with a symmetric key length greater than 64 bits
> ("encryption"). This review does not include products that use
> encryption for authentication only.
>  This Project has less than 10% U.S.-origin parts or components.
>  This Project has more than 10% but less than 25% U.S.-origin parts or
> components.
>  This Project has more than 25% U.S-origin parts or components.
>
> Right?
>
> Can anybody comment on this, please?
>
> Thanks in advance!
> Gerrit
>  --------------------------------------------------------------