From: Xavier Leroy <xavier.leroy@inria.fr>
To: Sven <luther@dpt-info.u-strasbg.fr>
Cc: caml-list@inria.fr
Subject: Re: [Caml-list] Cryptokit: cryptographic library for OCaml
Date: Fri, 5 Apr 2002 21:36:31 +0200 [thread overview]
Message-ID: <20020405213631.A8035@pauillac.inria.fr> (raw)
In-Reply-To: <20020405162920.E21403@dpt-info.u-strasbg.fr>; from luther@dpt-info.u-strasbg.fr on Fri, Apr 05, 2002 at 04:29:20PM +0200
> Mmm, what are the legal restriction related to this ? Is it legal to
> distribute it in france (legislation may have changed since last i checked
> about such things a few years ago) ? Is it legal to distribute it from an US
> based server (i think yes, but you would need to declare the software to the
> NSA or something such).
I wish I knew for sure :-) I spent significant time reading the French
laws on the DCSSI Web site
(http://www.scssi.gouv.fr/fr/reglementation/index.html).
(FYI, the DCSSI is roughly the French equivalent of the NSA.)
It appears that cryptographic means ("moyens de cryptographie",
whatever that means) are regulated differently depending on whether
they are used for authentication (passwords, signature, data
integrity), confidentiality (encryption), copy protection, in mobile
phones, for bank transactions, in spread-spectrum devices, etc.
>From this list, it appears that only whole software applications or
hardware devices are subject to regulations. A library like my
Cryptokit doesn't by itself ensure authentication, confidentiality,
etc: this is a property of the application that uses it. Cryptokit
just transforms streams of bytes in various ways. Heck, you could use
the AES implementation it provides just to generate pseudo-random
numbers (don't laugh -- the PRNG in the library does exactly this).
So, I think I'm not violating any French regulation by distributing
this library. Now, if you use it in a program, it is up to you to
make sure you comply with the law. (E.g. a Caml-powered
spread-spectrum device is a no-no :-)
As for other countries, I haven't the least idea of their regulations.
To get definitive answers to your questions, you'll need to consult a
competent lawyer, not me.
- Xavier Leroy
-------------------
To unsubscribe, mail caml-list-request@inria.fr Archives: http://caml.inria.fr
Bug reports: http://caml.inria.fr/bin/caml-bugs FAQ: http://caml.inria.fr/FAQ/
Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
next prev parent reply other threads:[~2002-04-05 19:36 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-04-05 14:02 Xavier Leroy
2002-04-05 14:29 ` Sven
2002-04-05 14:18 ` Remi VANICAT
2002-04-05 15:29 ` Sven
2002-04-05 15:10 ` Julian Assange
2002-04-05 19:36 ` Xavier Leroy [this message]
2002-04-07 17:17 ` Julian Assange
2002-04-05 15:01 Krishnaswami, Neel
2002-04-05 15:12 ` Sven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20020405213631.A8035@pauillac.inria.fr \
--to=xavier.leroy@inria.fr \
--cc=caml-list@inria.fr \
--cc=luther@dpt-info.u-strasbg.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).