Return-Path: 
 <ooo-dev-return-4672-apmail-incubator-ooo-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-ooo-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-ooo-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6F6158F45
	for <apmail-incubator-ooo-dev-archive@minotaur.apache.org>;
 Thu,  1 Sep 2011 19:18:41 +0000 (UTC)
Received: (qmail 26972 invoked by uid 500); 1 Sep 2011 19:18:40 -0000
Delivered-To: apmail-incubator-ooo-dev-archive@incubator.apache.org
Received: (qmail 26508 invoked by uid 500); 1 Sep 2011 19:18:40 -0000
Mailing-List: contact ooo-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:ooo-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:ooo-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:ooo-dev@incubator.apache.org>
List-Id: <ooo-dev.incubator.apache.org>
Reply-To: ooo-dev@incubator.apache.org
Delivered-To: mailing list ooo-dev@incubator.apache.org
Received: (qmail 26359 invoked by uid 99); 1 Sep 2011 19:18:40 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2011 19:18:40 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of dwhytock@gmail.com designates
 209.85.210.41 as permitted sender)
Received: from [209.85.210.41] (HELO mail-pz0-f41.google.com) (209.85.210.41)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Sep 2011 19:18:34 +0000
Received: by pzk4 with SMTP id 4so4573258pzk.28
        for <ooo-dev@incubator.apache.org>;
 Thu, 01 Sep 2011 12:18:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type:content-transfer-encoding;
        bh=pfXyuvRCbheAQtmUufXmgMZwlqTkWNpFCMlZ1uU0PfE=;
        b=Gj/4BAwhdura0YX9c7ZlT3ObkWQsxbF2MMytEFDK3hDsDu3HNrKvxm/ceGIBn1nktW
         WQxgT9wgDrYnUhYRpXVAqhepUHx0oK24+D6ZPDGglAvM9fBS0hxUiutdCd4quQI1oR3v
         TifdhMvckivuq8QTo9Cp5jfvxzxHo/dTmkctk=
MIME-Version: 1.0
Received: by 10.68.41.228 with SMTP id i4mr552344pbl.28.1314904694505; Thu, 01
 Sep 2011 12:18:14 -0700 (PDT)
Received: by 10.68.63.130 with HTTP; Thu, 1 Sep 2011 12:18:14 -0700 (PDT)
In-Reply-To: 
 <CAP-ksojP_VXZXvG+NugYdQPYCjx57H0V8VCPei+AsOwEH0K1vw@mail.gmail.com>
References: 
 <CAP-ksojaTvK1J3zr=Nx2a2B2WRVNNsZORhR7UaLz=swiVtUDwQ@mail.gmail.com>
	<4E5E3E79.6080206@gmx.net>
	<00c701cc67fb$193ca9c0$4bb5fd40$@acm.org>
	<CAP-ksojXhs0czS7Wmw7HKRZMBmz1PoG4OudZJ=1RZ_Ff3-PVWg@mail.gmail.com>
	<CALKqTu8ZcxbO3STDAxLkSpBuf0JNk_S86Np7TbcE7BgAv_X3TA@mail.gmail.com>
	<CAP-ksogjvGGGnT0FMDtoDQCU3KCZv_JN=SRoYLwPA4y0zXqpMQ@mail.gmail.com>
	<010c01cc68d6$6b44c1e0$41ce45a0$@acm.org>
	<CAKTa1miGfSyfPaG3c1uv+VJeMdGAk3W+Zt60NjXJUn_ru2QuAQ@mail.gmail.com>
	<CAP-ksojP_VXZXvG+NugYdQPYCjx57H0V8VCPei+AsOwEH0K1vw@mail.gmail.com>
Date: Thu, 1 Sep 2011 15:18:14 -0400
Message-ID: 
 <CAMwm1vGvfkEbgOvcTAtUv+rY6TZG_bU2_HMVDCxd0qnYr92Krg@mail.gmail.com>
Subject: Re: Request dev help: Info for required crypto export declaration
From: Donald Whytock <dwhytock@gmail.com>
To: ooo-dev@incubator.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir <rob@robweir.com> wrote:
> On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
> <robertburrelldonkin@gmail.com> wrote:
>> Following the instructions[3], step 1 is to work out whether OOo has
>> any unusual cryptography beyond ECCN 5D002, which is:
>>
>> <blockquote cite=3D'http://www.apache.org/dev/crypto.html#classify>
>> =A0 Software specially designed or modified for the development,
>> production or use of any of the other software of this list, or
>> software designed to certify other software on this list; or
>> =A0 Software using a "symmetric algorithm" employing a key length in
>> excess of 56-bits; or
>> =A0 Software using an "asymmetric algorithm" where the security of the
>> algorithm is based on: factorization of integers in excess of 512 bits
>> (e.g., RSA), computation of discrete logarithms in a multiplicative
>> =A0 group of a finite field of size greater than 512 bits (e.g.,
>> Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
>> excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
>> </blockquote>
>>
>> Does OOo rely on cryptography more exotic than this?
>>
>
> That is where it seems backwards to me. =A0If I'm reading this
> correctly, we are OK if we use a symmetrical algorithm with key length
> greater than ("in excess of") 56-bits. =A0But if we use an algorithm,
> with less thanb 56-bits we're considered exotic? =A0Really?
>
> For example, Calc has a ROT13() spreadsheet function, which
> undoubtedly is a weak symmetrical encryption technique, certainly not
> one with a key length in excess of 56-bits.
>
> So what now? =A0In other words, I'm puzzled by the "in excess" part.
> They seem to be saying that strong encryption is regulated less than
> weak encryption.
>
> Could you explain where I'm getting this wrong?


It looks to me like the key phrase is "any unusual cryptography beyond
ECCN 5D002", and the definition of that phrase is the cited block, as
opposed to the cited block being a definition of ECCN 5D002.

I am having a remarkably hard time finding a definition of ECCN 5D002.

Don