Export Control Question re: Apache Crimson

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Export Control Question re: Apache Crimson

Erin Clark-2

Hi All:

                   

I’m assisting a client with the export classification of their product and the subject product utilizes Apache Crimson v.1.1.3.  Do you know who might be the correct developer(s) for this open source code?  If it’s you all, do you happen to know what the Export Control Classification Number (ECCN) for this code?  If you don’t know the ECCN, can you please respond to the following questions at your convenience?

 

a.     Does the code perform cryptographic functions (i.e., encryption/decryption)?

b.    Does the code contain any cryptographic algorithms (i.e., 3DES, Diffie-Helman, Blowfish, Rijndael, RC4, RSA) (whether or not these algorithms are actually being used by the software)?

c.     Is the code capable of interfacing with, calling to, using, invoking or enabling/disabling the cryptographic features within other software or within the underlying platform in any way?

d.    Is the code capable of performing message digesting/hashing (i.e., MD5, RIPEMD, SHA, Tiger), fixed data compression or authentication?

e.     Does the code contain/utilize and open cryptographic interface (OCI), where the cryptographic capabilities of the code are user-accessible and/or modifiable?  (See below for a more detailed definition of OCI.)  

 

If ‘yes’ to any of the above, please provide detailed response.

(Open cryptographic interface - A mechanism which is designed to allow a customer or other party to insert cryptographic functionality without the intervention, help or assistance of the manufacturer or its agents (i.e., manufacturer's signing of cryptographic code or proprietary interfaces). If the cryptographic interface implements a fixed set of cryptographic algorithms, key lengths or key exchange management systems, that cannot be changed, it will not be considered an "open" cryptographic interface. All general application programming interfaces (i.e., those that accept either a cryptographic or non-cryptographic interface, but do not themselves maintain any cryptographic functionality) will not be considered "open" cryptographic interfaces either.)

Please let me know if you have any questions for me and many thanks in advance for your assistance.

 

Regards,

Erin

 

 

Erin Clark

Export Compliance Manager

Sandler & Travis Trade Advisory Services, Inc.

 

|phone  248.699.1588 | cell  619.997.4197 | fax 619.330.2336 | Web | [hidden email] |

 

This is a transmission from Sandler & Travis Trade Advisory Services, Inc. and is solely for the use of the intended addressee. It may contain information which is confidential and subject to attorney client privilege.  If you are not the intended recipient, please e-mail the sender and destroy all copies of this message and any attachment.  Any unauthorized use of the contents of the message or attachments is strictly prohibited.

 

P PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING

 

Reply | Threaded
Open this post in threaded view
|

Re: Export Control Question re: Apache Crimson

Shane Curcuru-2
Most information about ECCN numbers at the ASF can be found here:
  http://www.apache.org/licenses/exports/

Apache Crimson is in "hibernation" and is no longer actively being
developed.  We strongly recommend - from a technical viewpoint - that
everyone switch to using Apache Xerces instead:

  http://xerces.apache.org/#xerces2-j

I'm not personally familiar with the Apache Crimson code, but if I had
to take a guess, I'd say there isn't any encryption functionality in the
product.

Sorry I can't answer your specific questions.

- Shane

Erin Clark wrote:

> Hi All:
>
>                    
>
> I’m assisting a client with the export classification of their product
> and the subject product utilizes Apache Crimson v.1.1.3.  Do you know
> who might be the correct developer(s) for this open source code?  If
> it’s you all, do you happen to know what the Export Control
> Classification Number (ECCN) for this code?  If you don’t know the ECCN,
> can you please respond to the following questions at your convenience?
>
>  
>
> a.     Does the code perform cryptographic functions (i.e.,
> encryption/decryption)?
>
> b.    Does the code contain any cryptographic algorithms (i.e., 3DES,
> Diffie-Helman, Blowfish, Rijndael, RC4, RSA) (whether or not these
> algorithms are actually being used by the software)?
>
> c.     Is the code capable of interfacing with, calling to, using,
> invoking or enabling/disabling the cryptographic features within other
> software or within the underlying platform in any way?
>
> d.    Is the code capable of performing message digesting/hashing (i.e.,
> MD5, RIPEMD, SHA, Tiger), fixed data compression or authentication?
>
> e.     Does the code contain/utilize and open cryptographic interface
> (OCI), where the cryptographic capabilities of the code are
> user-accessible and/or modifiable?  (See below for a more detailed
> definition of OCI.)  
>
>  
>
> /If ‘yes’ to any of the above, please provide detailed response./
>
> (Open cryptographic interface - A mechanism which is designed to allow a
> customer or other party to insert cryptographic functionality without
> the intervention, help or assistance of the manufacturer or its agents
> (i.e., manufacturer's signing of cryptographic code or proprietary
> interfaces). If the cryptographic interface implements a fixed set of
> cryptographic algorithms, key lengths or key exchange management
> systems, that cannot be changed, it will not be considered an "open"
> cryptographic interface. All general application programming interfaces
> (i.e., those that accept either a cryptographic or non-cryptographic
> interface, but do not themselves maintain any cryptographic
> functionality) will not be considered "open" cryptographic interfaces
> either.)
>
> Please let me know if you have any questions for me and many thanks in
> advance for your assistance.
>
>  
>
> Regards,
>
> Erin
>
>  
>
>  
>
> *Erin Clark*
>
> Export Compliance Manager
>
> *
> ------------------------------------------------------------------------
> *
>
> *Sandler & Travis Trade Advisory Services, Inc.*
>
> / /
>
> |*/phone/*  248.699.1588 |* /cell/*  619.997.4197 | */fax/* 619.330.2336
> | *_Web
> <http://webmail.sttasonline.com/exchweb/bin/redir.asp?URL=http://www.strtrade.com/>_*
> | *_eMail <mailto:[hidden email]>_* |
>
>  
>
> /This is a transmission from Sandler & Travis Trade Advisory Services,
> Inc. and is solely for the use of the intended addressee. It may contain
> information which is confidential and subject to attorney client
> privilege.  If you are not the intended recipient, please e-mail the
> sender and destroy all copies of this message and any attachment.  Any
> unauthorized use of the contents of the message or attachments is
> strictly prohibited/.
>
>  
>
> *P* *PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING*
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]