> Hi, apologies if this has already been covered, but I did not find it
> specifically in the faq or by googling.

You really need to read the actual BXA regulations and, if you plan to rely
on the advice, hire an attorney.

> Has anyone received sound legal advice about the rules for U.S. citizens
> for distributing openssl as part of a software bundle?

You would have to secure export permission either for the entire bundle or
for each cryptographic package individually. If they are all open source,
this is not difficult. There is a license exemption.

> Specifically,
> I'd like to make a LiveCD that includes openssl libraries. Will I run
> afoul of the U.S. export laws in doing so?

There is no way to say based on just the information you gave. My answer
would be: I hope you follow the law and don't.

> Does it make any difference
> if the openssl library is in the base Linux distribution already?

It does for OpenSSL, but I presume OpenSSL is being distributed along with
other things that are going to use it. Those other things are cryptographic
software (or cryptographic-enabled software) as well.

The BXA doesn't care how you get the encryption done, whether an
application has its own routines or calls a library. If the end result is
cryptography, it's cryptographic software.


