Subject: [boost] Questions to help me determine export classification of Boost libraries
From: Ben Fritz (benjamin.fritz_at_[hidden])
Date: 2014-12-19 10:27:02
One of the contractors I'm working with has delivered code to us that pulls
in a few boost libraries. In order to release this code to our customer, I
need to determine the Export Control Classification Number (ECCN) of the
boost libraries. I see in the archives that someone has asked for the ECCN
directly without success (
http://lists.boost.org/boost-users/2008/01/33241.php) so I'm currently
trying to use a questionnaire put together by some of the export experts
within my company to figure this out. If there is an ECCN already listed
somewhere, please point me to it, otherwise I'll continue.
I'm interested specifically in version 1.56.0 of the boost libraries.
However, since I don't see any major additions or deletions in the 1.57.0
release notes, I assume the answers will apply to both versions.
Apparently the export classification is primarily based on two things:
1. Does the library have anything specifically designed for military use?
I'm assuming the answer to this is "no". Please correct me if I'm wrong.
2. Does the library include any strong encryption? This includes symmetric
or asymmetric encryption with certain key lengths, cryptanalytic functions,
intrusion detection, quantum cryptography, "reduce information-bearing
signals" (not sure what that is), and other cryptographic technology.
I looked through the list of libraries documented here:
>From the description of each library, I was mainly concerned with
Boost.Algorithm, Boost.Asio, and Boost.Uuid.
>From the documentation of Boost.Algorithm at
it looks like there is no encryption technology in the library. Can someone
Boost.Asio contains some SSL interfaces, which undoubtedly contains
encryption technology. However, according to
interfaces require OpenSSL to be used. Does this mean that the Boost.Asio
library itself does not contain encryption, it only provides an interface
to another library which does the encryption? I.e., is it a true statement,
that Boost.Asio contains no encryption technology in either its source code
or in the compiled binary, and that in order to use encryption I would need
to link in a separate library?
Boost.Uuid contains some cryptographic hash features. However, I understand
that a cryptographic hash cannot by itself provide any message encryption,
so I do not believe this should qualify. Is there anything I'm missing
here? Does Boost.Uuid contain other technology that might qualify?
Please also let me know if I missed any encryption in other Boost
libraries, as I only looked at the library descriptions, and am not
familiar with any of the library functionality.
-- Ben Fritz