Date: Thu, 1 Sep 2011 20:25:19 +0100
Subject: Re: Request dev help: Info for required crypto export declaration
From: Robert Burrell Donkin
To: ooo-dev@incubator.apache.org

On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock wrote:
> On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir wrote:
>> On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
>> wrote:
>>> Following the instructions[3], step 1 is to work out whether OOo has
>>> any unusual cryptography beyond ECCN 5D002, which is:
>>>
>>>   Software specially designed or modified for the development,
>>> production or use of any of the other software of this list, or
>>> software designed to certify other software on this list; or
>>>   Software using a "symmetric algorithm" employing a key length in
>>> excess of 56-bits; or
>>>   Software using an "asymmetric algorithm" where the security of the
>>> algorithm is based on: factorization of integers in excess of 512 bits
>>> (e.g., RSA), computation of discrete logarithms in a multiplicative
>>> group of a finite field of size greater than 512 bits (e.g.,
>>> Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
>>> excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
>>>
>>>
>>> Does OOo rely on cryptography more exotic than this?
>>>
>>
>> That is where it seems backwards to me.  If I'm reading this
>> correctly, we are OK if we use a symmetrical algorithm with key length
>> greater than ("in excess of") 56-bits.  But if we use an algorithm,
>> with less than 56-bits we're considered exotic?  Really?
>>
>> For example, Calc has a ROT13() spreadsheet function, which
>> undoubtedly is a weak symmetrical encryption technique, certainly not
>> one with a key length in excess of 56-bits.
>>
>> So what now?  In other words, I'm puzzled by the "in excess" part.
>> They seem to be saying that strong encryption is regulated less than
>> weak encryption.
>>
>> Could you explain where I'm getting this wrong?
>
>
> It looks to me like the key phrase is "any unusual cryptography beyond
> ECCN 5D002", and the definition of that phrase is the cited block, as
> opposed to the cited block being a definition of ECCN 5D002.
>
> I am having a remarkably hard time finding a definition of ECCN 5D002.

EAR 740.13(e) should be on
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=bad7a54a31430303e17ce648c13e51b3&rgn=div5&view=text&node=15:2.1.3.4.25&idno=15#15:2.1.3.4.25.0.1.13

Robert