> I'm sure there are export rules
> within each of those countries, but that's a another issue you may need
> to deal with.
No, this ITAR business is all just US-specific. All over the free
world you're free to use and distribute decent cryptography without
any govt pestering you.
To be more specific: In some countries the *use* of strong
cryptography is outlawed or strictly regulated (IIRC these include
Pakistan, Russia and France). But about everywhere else the use, im-
and export of strong cryptography is plain legal. If anyone sent me a
CDROM containing an implementation of DES or RSA or any other strong
crypto I'd be allowed to use it here in Germany. Of course, sending
it from the US wouldn't be too good an idea.
But that all doesn't mean we're not allowed to use e.g. DES or don't
have any decent implementation around. Both DES and RSA come with
the non-US version of PGP, with ssh and e.g. with OpenBSD (being
distributed from Canada, not the US).
Talking about OpenBSD, I'm surprised that major US companies haven't
long ago moved their crypto-related development teams and CDROM
pressing facilities to Tijuana, Vancouver or some nice carribean
Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes. Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.