Open Source encryption components and exporting applicationsDec 15, 2000, 20:30 (0 Talkback[s])
(Other stories by Eric Lee Green)
[ Thanks to Eric Lee Green for this report: ]
I received a phone call today from a lady with the U.S. Bureau of Export Administration (BXA) who'd read my AEScrypt page (the URL of which I'd submitted to them for an export license exemption as required by U.S. export regulations, see crypto.com for more info). aescrypt is of course Open Source. She wished to remind me that any application built using Open Source encryption components had to also be submitted to the BXA for the proper export license or license exemption if the application was to be exported. The export license for the component covers only the component, not applications that use the component. The fact that the component itself is Open Source and thus may be freely exported does not matter.
Hopefully this reminder will prevent problems on the part of those who use AEScrypt or other Open Source encryption components as part of a larger application.