seankhliao
commented
6 months ago cc @golang/security
Closed dkwakkel closed 6 months ago
seankhliao
commented
6 months ago cc @golang/security
rolandshoemaker
commented
6 months ago I don't think this is something we want to do. We are not lawyers, nor experts in export control regulations, and any advice we provide on this matter is likely to be flawed to the point of being dangerous (and I believe Google's lawyers would quickly get angry at us).
Additionally anyone who is using Go to build their own software would need to make their own determinations about their own classifications regardless, and providing guidance specific to Go crypto code is likely to only muddy the waters on such matters. This is something for lawyers who specialize in this topic to handle, and are answerable to the people who need the classification, not software engineers.
Proposal Details
Is it possible to provide ECCN classification (preferable somewhere on https://pkg.go.dev/golang.org/x/crypto?utm_source=godoc)? See: https://www.bis.doc.gov/index.php/licensing/commerce-control-list-classification/export-control-classification-number-eccn
(this is needed by companies to conform US export regulations).