Deployment:Deploying Firefox: Difference between revisions

Jump to navigation Jump to search

Deployment:Deploying Firefox (view source)

Revision as of 21:11, 21 July 2017

1,055 bytes removed ,  21 July 2017
update export control information
(update export control information)
Line 103: Line 103:
== United States Export Control Information ==
== United States Export Control Information ==


Companies looking to provide Mozilla Software outside the United States often ask about Export Control provisions to comply with US laws and regulations.
Firefox and NSS are publicly available software not subject to the Export Administration Regulations (EAR) per EAR 734.3(b) and 734.7. Because Firefox is not subject to the EAR it does not have an Export Control Classification Number (ECCN). Mozilla has completed the notification for Firefox and NSS publicly available encryption source code per EAR 742.15(b).


The '''Export Notice''' can be found at
The '''Export Notice''' can be found at
http://ftp.mozilla.org/pub/mozilla.org/security/export-notice
http://ftp.mozilla.org/pub/mozilla.org/security/export-notice


In 2002, NSS 3.4 requested a '''CCATS''' commodity classification id '''G023895''' to make it easier for companies to file when they include NSS or Mozilla Applications such as Firefox which use NSS.
More information on exporting products made from Open Source can be found at https://www.bis.doc.gov/encryption/enc.htm and https://www.access.gpo.gov/bis/ear/ear_data.html.  
http://www.mozilla.org/projects/security/pki/nss/nss-3.4/nss-3.4-algorithms.html
This CCATS filing covered all the crypto operations used in the Mozilla code base, including SSL and S/MIME. 
 
More recent versions of NSS have not filed for further CCATS numbers, instead claiming a TSU exemption via 740.13(3) of the EAR because the NSS crypto code is "''publicly available''" and the binaries are built from purely open source software. 
 
: ''NB : the associated '''ECCN''' for software packages that include NSS is likely to be 5D002.c.1 (TSU unrestricted, via EAR 740.13(e)).  One could theoretically request a review of a specific set of binaries for authorization under 5D992.b.1 ("No License Required", but it's not known whether anyone has.  See Frank Hecker's Jan 2005 post: http://hecker.org/mozilla/eccn )''
 
More information on exporting products made from Open Source can be found at https://www.bis.doc.gov/encryption/enc.htm and http://www.access.gpo.gov/bis/ear/ear_data.html  
(Part 740. Section §740.13(e) is on page 30 of the PDF).  


We strongly caution you not to act on your personal reading of export regulations.  They are complex and loaded with history, precedent, and context which often require interpretation from a qualified attorney.
We strongly caution you not to act on your personal reading of export regulations.  They are complex and loaded with history, precedent, and context which often require interpretation from a qualified attorney.
Most questions about features provided by Mozilla's security library are contained in this document:
http://www.mozilla.org/projects/security/pki/nss/nss-3.9/nss-3.9-algorithms.html


== Other Links ==
== Other Links ==
Ellee
4

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1176283"

Navigation menu