> Jeffrey Altman wrote:
> > Calling OpenSSL (or any other API that encrypts messages) is
> > "crypto with a hole". This is illegal to export from the United
> > States.
>
> Realy? Do you explicitly call any non-export algortihm?
> I could understand Kerberos, where DES was called,
> so DES calls had to be removed, but your case looks different...
>
> BTW: If you're right then any software using Microsoft
> CryptoAPI breaks EAR regulations.
CryptoAPI doesn't break EAR regulations because the strength of the
crypto available to the application is strictly controlled by
Microsoft.
The problem with placing hooks to OpenSSL and shipping my code outside
of the U.S. is that I can't control the strength of the encryption
used by the underlying libraries.
This may all change in the near future, but at the present moment it
is illegal to ship code linked to OpenSSL.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
