To everybody following this discussion, I have located the following :) This information was obtained from http://www.bis.doc.gov/Encryption/EncFAQs6_17_02.html#6
When is a "review request" or "notification" NOT required? No review or notification is required to export any encryption item to overseas subsidiaries of U.S. companies (except subsidiaries in Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria - this includes "exports" and "reexports," as defined by Section 734.2 of the EAR, of encryption source code and technology to foreign nationals of these countries) for internal company use, including the development of new products. Likewise, no review or notification is required for encryption items with limited cryptographic capabilities described in the Technical and Related Control notes under ECCN 5A002 of Category 5, Part 2 ("Information Security") of the Commerce Control List (Supplement No. 1 to Part 774 of the EAR), such as authentication, access control, digital signature, copy protection, banking use or money transactions ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]