This is the mail archive of the
gcc-help@gcc.gnu.org
mailing list for the GCC project.
Re: gcc Export Control ECCN number if covered under EAR
- From: Jeffrey Walton <noloader at gmail dot com>
- To: "Farhat, Sam (GE Aviation, US)" <samgeorge dot farhat at ge dot com>
- Cc: Ian Lance Taylor <ianlancetaylor at gmail dot com>, "gcc-help at gcc dot gnu dot org" <gcc-help at gcc dot gnu dot org>
- Date: Tue, 27 Oct 2015 20:04:16 -0400
- Subject: Re: gcc Export Control ECCN number if covered under EAR
- Authentication-results: sourceware.org; auth=none
- References: <458FFE725E87A649A6C091FCD57F344E06DEF8AD at ALPMBAPA11 dot e2k dot ad dot ge dot com> <CAKOQZ8yjCBU0s+iAcwdtEgp6ADcPrNkcQR8LR9kT4jY+qjo-zg at mail dot gmail dot com> <458FFE725E87A649A6C091FCD57F344E06DEFB41 at ALPMBAPA11 dot e2k dot ad dot ge dot com>
- Reply-to: noloader at gmail dot com
On Mon, Oct 26, 2015 at 9:11 PM, Farhat, Sam (GE Aviation, US)
<samgeorge.farhat@ge.com> wrote:
> Thanks for clearing that up.
> Online search was conflicting, some pages with emails indicated there is encryption code in libgcj, in this link: https://gcc.gnu.org/ml/gcc/2006-02/msg00051.html
>
> Is that incorrect information?
If its *only* hashing as stated by the fellow Tom, then the answer is
likely NO, GCC does not need to self classify.
GCC can even use public key and secret/shared key algorithms as long
as its used for authentication *only*. There's also a "NLR" or "No
License Required" exception for public key and secret/shared key
algorithms algorithms < 64 bits (IIRC), but I've never seen anyone use
it.
However, as soon as the algorithm is used for *encryption* (and its
64-bits or greater), then a commodity product must self classify.
Also, GCC's (or even OpenSSL or Crypto++) requirements are easier than
commodity products using them. The only action projects like GCC,
OpenSSL and Crypto++ have to do is send an email to the Encryption
Coordinator (the email address and the Ft. Meade, MD mailing address
is the NSA, btw).
Commodity products would have to do more, like signing up for the
SNAP-R account, creating and uploading documentation, uploading
required forms, sending printed copies of the documentation to the
Encryption Coordinator via snail mail, etc.
(Sorry if I am speaking out of turn. I've been through the process four times).
Jeff