incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Burrell Donkin <robertburrelldon...@gmail.com>
Subject Re: Request dev help: Info for required crypto export declaration
Date Thu, 01 Sep 2011 18:51:16 GMT
On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Please just do it this way:
>
> <http://www.apache.org/dev/crypto.html>
>
> ASF is very clear on what is required for *its* releases and this page appears to be
comprehensive.

The Apache rules break down into reporting to users and notification.
Informing users is important but notification is urgent (making source
available [1] counts as export).

> (I finally found where I saw this before.  It has also been discussed here or on the
ooo-private list before.  I remembered it as being simpler than it is.)

(It looks worse than it is)

Following the instructions[3], step 1 is to work out whether OOo has
any unusual cryptography beyond ECCN 5D002, which is:

<blockquote cite='http://www.apache.org/dev/crypto.html#classify>
   Software specially designed or modified for the development,
production or use of any of the other software of this list, or
software designed to certify other software on this list; or
   Software using a "symmetric algorithm" employing a key length in
excess of 56-bits; or
   Software using an "asymmetric algorithm" where the security of the
algorithm is based on: factorization of integers in excess of 512 bits
(e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
</blockquote>

Does OOo rely on cryptography more exotic than this?

Robert

[1] http://www.apache.org/dev/crypto.html#overview
[2] http://www.apache.org/licenses/exports/
[3] http://www.apache.org/dev/crypto.html#classify

Mime
View raw message