From: Paul Lambert (plambertsprintmail.com)
Date: Sat Mar 10 2001 - 11:39:11 CST


    Ralph,

    You just need to notify the BXA:

    http://www.bxa.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html
    http://www.bxa.doc.gov/Encryption/regs.htm

    It's a very simple process, but you must notify them of the following
    information. Email seems the easiest process that they support:

    Step 3: Email Format
    SUBJECT LINE OF EMAIL: type in "TSU NOTIFICATION" or "ENC NOTIFICATION" (as
    appropriate).
    In the body of email:
    SUBMISSION TYPE: TSU or ENC
    SUBMITTED BY:
    SUBMITTED FOR: (company or person exporting the encryption item)
    POINT OF CONTACT:
    PHONE and/or FAX:
    MANUFACTURER: (if relevant)
    PRODUCT NAME/MODEL #:
    ECCN: 5D002
    NOTIFICATION: URL or Internet address of the source code or a copy of the
    source code

    Paul

    At 09:17 AM 3/10/01 -0500, Peter D. Junger wrote:
    >Raph Levien writes:
    >
    >: Hi Coderpunks,
    >:
    >: I realize this is, strictly speaking, a political rather than
    >: technical issue, but at least it's directly related to getting
    >: encryption code out there, and I figure that knowledgeable people will
    >: be hanging out here.
    >:
    >: Basically, I want to know under what circumstances we can safely
    >: export PDF decryption code with versions of Ghostscript. We ship
    >: Ghostscript under three licenses: GPL (for older versions), Aladdin
    >: Free Public License (free redistribution but limitations on commercial
    >: products; thus not DFSG), and under proprietary licenses to our OEM
    >: customers.
    >:
    >: Here are some relevant facts:
    >:
    >: * The encryption in PDF is 40-bit RC4, with MD5 used to derive the RC4
    >: key from the user-supplied password.
    >:
    >: * Geoffrey Keating in Australia makes a patch available for Ghostscript
    >: which adds the encryption capability.
    >:
    >: * The competing xpdf package (distributed under GPL only) includes
    >: support for PDF decryption.
    >:
    >: I'd guess that we are allowed to freely distribute 40-bit RC4 with
    >: both the GPL and AFPL versions as long as we cc: the BXA on all
    >: releases, but for the commercial licensing, we'd have to advise our
    >: customers that they need to go through the export licensing process
    >: (no matter how pro forma) before including the code in their products.
    >: Is this correct?
    >
    >This is not legal advice, but the position that I have taken in distributing
    >some insignificant code and that I would take in your position is that the
    >export regulations on crypto only apply to encryption code, not decryption
    >code.
    >
    >There is also the fact that the regulations were supposed to be amended
    >to make it clear that object code produced from open source code that
    >is publicly available can be freely distributed. (I don't know to
    >what extent that describes your OEM's situation). As a political matter
    >I don't think that any of the situations that you refer to are ones
    >where the government would want to risk a suit; although that might
    >not stop them from harassment and the application of FUD.
    >
    >You might ask the Commerce Department for a ruling and if you get an
    >unfavorable one bring it to the attention of the appropriate congress
    >critters. I doubt that anyone could find any justification for applying
    >the export regulations---at least beyond the notification requirements
    >---to a case like yours.
    >
    >My impression is that the large commercial software houses actually
    >rather like the current encryption regulations, since they can always
    >cut a sweet-heart deal with BXA, while the regulations serve as a
    >barrier to entry by would-be competitors. It is certainly true that
    >the large outfits never gave a bit of support to my suit---or to the
    >Bernstein and Karn suits---challenging the regulations. (Of course,
    >that may have been because they were afraid to challenge the
    >bureaucrats, rather than because they affirmatively liked the
    >regulations.)
    >
    >By the way, I don't know what "DFSG" stands for.
    >
    >I do want to thank you for making Ghostscript publicly available.
    >My computers would be worthless to me without it since I run only
    >Linux.
    >
    >I hope that this helps, or, at least gets a helpful discussion going.
    >
    >Servus,
    >Peter
    >--
    >Peter D. Junger--Case Western Reserve University Law School--Cleveland, OH
    > EMAIL: jungersamsara.law.cwru.edu URL: http://samsara.law.cwru.edu
    > NOTE: jungerpdj2-ra.f-remote.cwru.edu no longer exists