From BIS (BXA) FAQ http://www.bxa.doc.gov/Encryption/EncFAQs6_17_02.html#6
When may I submit a "notification" instead of a "review request"?
The following items may be exported and reexported to all destinations (except
designated terrorist supporting countries, nationals of such countries, and
persons designated in Part 744 of the EAR)once proper notification is given
to BIS and the ENC Encryption Request Coordinator: encryption source code that
would be considered publicly available under Section 734.3(b)(3) of the EAR
and the corresponding object code; encryption items with key lengths less than
or equal to 56 bits for symmetric algorithms, 512 bits for asymmetric
algorithms and 112 bits for elliptic curve algorithms; mass market encryption
products with symmetric key lengths not exceeding 64 bits; and beta test
encryption software. Also, you may increase the key length of a previously
reviewed encryption item by submitting a certification letter, provided that
this is the only change in cryptographic functionality. See Sections
740.9(c)(8), 740.13(e), 740.17(d)(3) and 742.15(b)(1) for notification
requirements for encryption items under the EAR.
EXP1024-DHE-DSS-RC4-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=RC4(56) Mac=SHA1 export
EXP1024-RC4-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=SHA1 export
EXP1024-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(1024) Au=DSS Enc=DES(56) Mac=SHA1 export
EXP1024-DES-CBC-SHA SSLv3 Kx=RSA(1024) Au=RSA Enc=DES(56) Mac=SHA1 export
EXP1024-RC2-CBC-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC2(56) Mac=MD5 export
EXP1024-RC4-MD5 SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56) Mac=MD5 export
This above apparently use 1024 bit asymmetric keys which would not seem
to be allowed under the regulation to which 'export' is being applied.
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
And then these 40 bit symmetric keys would seem to be what remains
though it would be nice to have 512 bit asymmetric with 56 bit
symmetric keys.
And then is there an easy way to remove the non-exportable options on
the compilation? The only option I see at the moment is
no-<cipher> Build without the specified cipher (bf, cast, des, dh, dsa,
hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
The crypto/<cipher> directory can be removed after running
"make depend".
But this does not make a distinction, e.g., between DES-CBC3-SHA EXP1024-DES-CBC-SHA EXP-DES-CBC-SHA Also the automated box on the support page for subscribing to the mailing list does not seem to be working. But I would like to say that I am very impressed with the capabilities of SSL/TLS and am working hard to get it into my software. Regards, Neil Nelson ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
