You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Mark J Cox <mj...@apache.org> on 2003/08/21 12:27:07 UTC

xml-security and encryption

In the board meeting last night I expressed that the xml-security project
as described in Attachment D was not implementing crypto, just links to
crypto, and therefore could be treated the same way as things that the ASF
distributes such as mod_ssl.

However something Ben said back in July prompted me to go and refresh my
knowledge of the actual regulations.  5D002 does state that software
designed to "use" software that is classified under 5D002 is, itself,
classified under 5D002, which implies to me that things like this proposal
as well as mod_ssl may be restricted for export under EAR.

So the approach outlined by the sub-project in Attachment D looks to me to
be sufficient to meet our obligations.  Before the board gives specific
endorsement to the approach I'd like to hear an opinion from Ben who has
dealt with this more recently and was not on the board call.

Mark
--
Mark J Cox ........................................... www.awe.com/mark
Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor

Re: xml-security and encryption

Posted by Ben Laurie <be...@algroup.co.uk>.

Mark J Cox wrote:

> In the board meeting last night I expressed that the xml-security project
> as described in Attachment D was not implementing crypto, just links to
> crypto, and therefore could be treated the same way as things that the ASF
> distributes such as mod_ssl.
> 
> However something Ben said back in July prompted me to go and refresh my
> knowledge of the actual regulations.  5D002 does state that software
> designed to "use" software that is classified under 5D002 is, itself,
> classified under 5D002, which implies to me that things like this proposal
> as well as mod_ssl may be restricted for export under EAR.
> 
> So the approach outlined by the sub-project in Attachment D looks to me to
> be sufficient to meet our obligations.  Before the board gives specific
> endorsement to the approach I'd like to hear an opinion from Ben who has
> dealt with this more recently and was not on the board call.

Where is this attachment D?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff