Subject: Re: [boost] Questions to help me determine export classification of Boost libraries
From: Rob Stewart (robertstewart_at_[hidden])
Date: 2014-12-20 06:13:54
On December 19, 2014 5:14:43 PM EST, Ben Fritz <benjamin.fritz_at_[hidden]> wrote:
>I do not think it is unreasonable to answer the question, "does this
>library contain encryption software?"
>I understand my original question may be overly broad as asked. Let me
>to be more specific.
>1. Does Boost.ASIO contain any encryption software itself, or does it
>on OpenSSL for all of its encryption?
>2. Does Boost.UUID contain any code to actually encrypt message
>only the code to calculate a hash/digest?
>I had hoped, since I am not familiar with the code, that someone could
>"yeah, none of the other libraries contain encryption technology". But
>can see why that would be hard for any one person to answer. Would I be
>better off asking about every library individually?
You will need to ask about each library individually to get the attention you need in each case. The [library] notation in the subject line mentioned at http://www.boost.org/community/policy.html often is used to filter mail from this list.
However, as others have pointed out, there's a problem with understanding what is and isn't encryption, as applicable to the export laws, so any answer you get could be wrong. Thus Karen's advice to hire a consultant to work with a lawyer in order to find any problematic code in Boost seems the only viable option.
(Sent from my portable computation engine)