> the OpenSSL project was not accepting code from US sources. Has this policy changed?
Yes. The various members of the openssl-core team either
agree that the current regulations remove their concern; or
feel that even though there are issues it's not worth dealing with now
US contributions can be submitted. They just have to be good enough to
be accepted. :)
Multiple interoperable implementations are usually a good thing. But
when the talent pool is so small, and the (perceived? :) importance of
the product is so great, I agree that the open source community is best
served by rallying around a single implementation. Simpson's original
note, asking for reviewers of the NSS code, can be seen as a proof point
of this. There are plenty of closed-source SSL/TLS/etc implementations
for interop testing.
Flogging one of my own personal horses, the integration of CDSA and
OpenSSL (being started by Intel) will be a very good thing.
/r$