From: bert hubert <bert.hubert@netherlabs.nl>
Date: Mon, 8 Dec 2014 14:36:34 +0000 (+0100)
Subject: add export control notes to markdown documentation
X-Git-Tag: rec-3.7.0-rc1~136
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=809c807528b8c29daf4ff0b6c75736ac6d59192b;p=pdns

add export control notes to markdown documentation
---

diff --git a/pdns/docs/markdown/appendix/crypto-notes-export.md b/pdns/docs/markdown/appendix/crypto-notes-export.md
new file mode 100644
index 000000000..51a7eaa2d
--- /dev/null
+++ b/pdns/docs/markdown/appendix/crypto-notes-export.md
@@ -0,0 +1,28 @@
+# Cryptographic software and export control
+In certain legal climates, PowerDNS might potentially require an export control status, particularly since PowerDNS software contains cryptographic primitives.
+
+PowerDNS does not itself implement any cryptographic algorithms but relies on third party implementations of AES, RSA, ECDSA, GOST, MD5 and various SHA-based hashing algorithms.
+
+Furthermore, RSA, MD5 and the SHA-based algorithms are supplied as a copy of [PolarSSL](http://www.polarssl.org/).
+
+Optionally, PowerDNS can link in a copy of the open source [Botan](http://botan.randombits.org/) cryptographic library.
+
+Optionally, PowerDNS can link in a copy of the open source [Crypto++](http://www.cryptopp.com/) library.
+
+## Specific United States Export Control Notes
+
+PowerDNS is not "US Origin" software. For re-export, like most open source,
+publicly available "mass market" projects, PowerDNS is considered to be
+governed by section 740.13(e) of the US EAR, "Unrestricted encryption source
+code", under which PowerDNS source code would be considered re-exportable
+from the US without an export license under License Exception TSU
+(Technology and Software - Unrestricted).
+
+Like most open source projects containing some encryption, the ECCN that
+best fits PowerDNS software is 5D002.
+
+The official link to the publicly available source code is
+<http://downloads.powerdns.com/releases>.
+
+If absolute certainty is required, we recommend consulting an expert in US
+Export Control, or asking the BIS for confirmation.
diff --git a/pdns/docs/mkdocs.yml b/pdns/docs/mkdocs.yml
index 64494716f..e5f93a2b5 100644
--- a/pdns/docs/mkdocs.yml
+++ b/pdns/docs/mkdocs.yml
@@ -61,6 +61,7 @@ pages:
   - [security/powerdns-advisory-2006-02.md, 'Security', 'Advisory 2006-02']
   - [security/powerdns-advisory-2006-01.md, 'Security', 'Advisory 2006-01']
   - [appendix/backend-writers-guide.md, 'Tools and Appendices', "Backend Writer's Guide"]
+  - [appendix/crypto-notes-export.md, 'Tools and Appendices', "Cryptographic software and export control"]
   - [appendix/documentation.md, 'Tools and Appendices', "Documentation details"]
   - [appendix/compiling-powerdns.md, 'Tools and Appendices', 'Compiling PowerDNS']
   - [tools/analysis.md, 'Tools and Appendices', 'DNS Analysis Tools']