> Really? I am not doing any static linking with libssl, only dynamic, so I > don't believe that I am including any crypto.
I'm not sure that that matters. The BXA refers to "Open Cryptographic Interfaces". My understanding was that any software which contained hooks to call other software which actually performed encryption was regulated as if it contained the encryption itself, since it contains an implementation of a cryptographic interface. > > Probably. It's my theory that the software is no longer export restricted > > once you make the BXA notification. That's not true. See here: http://www.bxa.doc.gov/Encryption/lechart1.html Under the category 'Unrestricted source code ("open source")' it contains an additional restriction 'may not knowingly export to the T-7'. T-7 is defined as: Cuba, Iran, Iraq, Libya, North Korea, Syria, and Sudan. Our FTP servers do not block these countries, so I don't know if we would still be considered compliant under these rules. I think it's safer to leave everything in non-US. Eric
