[gpgtools-users] [gpgtools-devel] Joint OpenPGP (JS) implementation

Nicholas Cole nicholas.cole at gmail.com
Sat Nov 26 18:25:22 CET 2011


>>>>>>>> It seems to be clear that there is a big demand of a single core
>>>>> JavaScript OpenPGP implementation and we find more and more
>>>>> projects and developers.

Dear Lists,

All these projects are very interesting.  Forgive a slightly off-topic
but important question that they raise, though.

What are the legal implications of contributing to these sorts of
wrapper projects?  Do such projects count as "export" of "dual use"
cryptography for the purpose of EU and USA laws?

In the past, such questions have caused open source projects no end of
headaches:

http://www.debian.org/legal/cryptoinmain

The "crypto law survey" attempts to answer some of these questions.

Following the links for the UK and the USA, it looks to me as if *any*
project that facilitates the use of cryptography would have to take
legal advice, even if it is merely a wrapper for another program or
library, and would have to be careful about where it was hosted, and
who it accepted contributions from.

Is that correct?

The GPG project itself must have hit many of these issues.  Is there a
write-up anywhere of their conclusions?  Something like that might be
helpful for other people starting these sorts of projects.

Best wishes,

Nicholas
(I am not a lawyer...)



More information about the Gnupg-users mailing list