Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
I Am Not A Lawyer, not an expert in matters of export regulations, and I do not represent the CVSNT development team. However, I've researched the export regulations regarding CVSNT and this is what I've found (since I too need to comply with these regulations). If you are a US citizen or work for a US company and want to export CVSNT, read the regulations yourself to be certain. Better yet, have your lawyer read it. >From what I've read, CVSNT has an ECCN of 5D002 and qualifies for a license exemption TSU. This means that even though it has strong encryption, there is no export license required according to the EAR. Here are the characteristics of CVSNT that I have found that affect it's status under the U.S. Export Administration Regulations (EAR): --It is publicly available as source and object code --It contains strong encryption (MIT's Kerberos, SSH via PuTTY, and the UNIX crypt function) --Each of those strong encryption products are also publicly available in source and object form. Here's the path of regulations to follow so maybe you won't need to take so much time to unravel it (their FAQ is riddled with references to these sections, so it is actually easier IMHO to go straight to the regulations): Definition of 5D002, in the Commerce Control List Category 5 Part 2: http://w3.access.gpo.gov/bis/ear/pdf/ccl5-pt2.pdf Defined 5D002 as being software with strong encryption. CVSNT, according to it's author, has several strong encryption products in it: SSH (via PuTTY), MIT Kerberos, and UNIX crypt. All the source code is available with the application. EAR Section 734 (refer to section 734.3(b)(3)): http://w3.access.gpo.gov/bis/ear/pdf/734.pdf Section 734 lists what is subject to the EAR, (b) is exceptions to that list, and (3) lists publicly available software & technology except software covered by 5D002. Per 734.7, Open source code and it's associated object code that are both publicly available are still subject to EAR if they are controlled by 5D002. EAR Section 740 (refer to section 740.13(e)): http://w3.access.gpo.gov/bis/ear/pdf/740.pdf Says that software that is publicly available according to 734.3(b)(3) is eligible for export license exemption TSU. Note that there are still restrictions and reporting requirements that the US company must adhere to when exporting CVSNT, consult the regulations on the BXA website for more information. Specifically, look at the link below and sections 740.13(e)(3) - (6). http://www.bxa.doc.gov/encryption/PubAvailEncSourceCodeNofify.html Encryption Policy Q&A: http://www.bxa.doc.gov/Encryption/Q&A18oct.htm Regards, Glen Starrett