Regarding exportability, last I heard export restrictions had been relaxed somewhat for friendly nations. However I'm not American and do not live in the US so not sure.
Please, the situation is confusing enough without uninformed speculation.
Exporting something which implements HTTP/SSL -- full strength -- is just a matter of paperwork; you can export to all but a half-dozen countries (including, according to information from a couple of weeks ago, "those parts of Afghanistan controlleld by the Taliban" :).
Exporting full-strength cryptography for other purposes (e.g., digital signature, arbitrary encryption, etc), is fairly easy to get for about 75% of the world. Some places will be difficult.
How do I know? I just finished the process for our full-strength XML firewall and security gateway (see URL below). It does full implementations of XML DSIG and XML Encryption.
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]