Rick Smith Wrote:
>
>If you're embedding it in a product and using it just to do authentication
>or integrity checking, then it falls outside of the export regulations.
>
>If you just want to post some source code on your web site or include it in
>something that might be exported, then I don't know for sure. Read over the
>regulations (BXA, the Bureau of Export Administration, has them on the web
>somewhere). If there isn't language in the regulations that declares one
>way hash functions to be encryption algorithms, then it should be OK. But
>you might want to ask an export control lawyer.
>
A wealth of information is available at www.bxa.doc.gov (Bureau of Export
Administrations web site). Specific reference to crypto issues is located at
http://www.bxa.doc.gov/Encryption/Default.htm
Export Administration Regulations (EARs) are available on-line via the gpo
at http://www.access.gpo.gov/bxa/ear/ear_data.html
While we debate the encryption policy, the BXA none-the-less is charge with
administering the regulations presently in force. Our company has been
successful in obtaining export licenses for crypto devices and intellectual
property and have found the process of license application not at all
arduous. The BXA and NSA (technical evaluation of license application) were
helpful and provided input to streamline our applications. Do consider the
BXA as a resource in researching your product or technology export criteria.
Ricki Boyle
