Okay, I've read the latest version of the regs. As usual, they're long and
confusing, with exceptions to the exceptions to the exceptions. But
several things seem to stand out.
1. You can export pretty much anything to anyone but a foreign
government or to the seven pariah countries (Libya, Iraq, etc).
2. You can export anything that's publicly available (retail products,
source code, toolkits, etc) to anybody, including a foreign
government, as long as they're not in one of the seven pariah
countries.
3. When posting free crypto (source or object) on the net, you don't
need to implement any form of access control, even though this would
make it technically possible for one of the seven pariah countries to
download it.
4. The bottom line is, the only stuff that's still controlled is
proprietary encryption provided directly to a foreign government, or
to the pariah countries.
Do I have all this right so far?
What still confuses me are the circumstances that let you just send
an email pointer to BXA, and which ones require a review of some
sort before you can export.
Phil
