From: Michal Trojnara <[EMAIL PROTECTED]> > Jeffrey Altman wrote: > > Calling OpenSSL (or any other API that encrypts messages) is > > "crypto with a hole". This is illegal to export from the United > > States. > > Realy? Do you explicitly call any non-export algortihm? > I could understand Kerberos, where DES was called, > so DES calls had to be removed, but your case looks different... > > BTW: If you're right then any software using Microsoft > CryptoAPI breaks EAR regulations. Not really, because (in theory at least!) CryptoAPI CSPs (Crypto Service Provider modules that implement the algos offered by CryptoAPI) need to be digitally signed by Microsoft in Redmond for your security and to keep the NSA from labelling CryptoAPI as CWAH. Microsoft, in compliance with the NSA, will only sign US CSP modules. Regards, J. Andrew Hall. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
