>How exportable are they when no part of your company is in the USA or
>your head office (where you want to manage keys from, naturally) is NOT
>in the USA ? Should we fax a copy of the keys used to the NSA every time
>a client connects ? :)
Then for V-One, TIS, & Eagle there is an ITAR issue but why wouldn't you
look for something at home ? US (NSA) would not be involved at all.
OTOH, the situation of foreign companies wanting to communicate with
US sites is how I interpreted item 3 of the December draft criteria: that
the US would enter into agreements with other foreign sovereigns not only
where the US would hold the keys but also to define situations whereby
licensed agents in other countries would hold the keys of their domestic
These approved mechanisms would also be granted free export from the US
(import/use is not currently regulated).
The purpose is not so much for the US alone but also to provide a common
approved mechanism for use in those countries which currently regulate such