To everybody following this discussion, I have located the following :)
This information was obtained from
http://www.bis.doc.gov/Encryption/EncFAQs6_17_02.html#6
When is a "review request" or "notification" NOT required?
No review or notification is required to export any encryption item to
overseas subsidiaries of U.S. companies (except subsidiaries in Cuba, Iran,
Iraq, Libya, North Korea, Sudan and Syria - this includes "exports" and
"reexports," as defined by Section 734.2 of the EAR, of encryption source
code and technology to foreign nationals of these countries) for internal
company use, including the development of new products. Likewise, no review
or notification is required for encryption items with limited cryptographic
capabilities described in the Technical and Related Control notes under ECCN
5A002 of Category 5, Part 2 ("Information Security") of the Commerce Control
List (Supplement No. 1 to Part 774 of the EAR), such as authentication,
access control, digital signature, copy protection, banking use or money
transactions
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
