Any US export restrictions on use of 256 bit AES SSL & TLS certificates?
Florian Weimer
ukcrypto at chiark.greenend.org.uk
Wed, 25 Mar 2009 22:42:57 +0100
* James Firth:
>> A client has asked for advice on the use of 256 bit AES SSL and TLS
>> certificates. They want to know if the USA has placed any restrictions
>> on using AES like this in export markets, or even if the US govt has to
>> be notified when they are deployed.
> I was under the impression that all "commercial grade" solutions were
> de-restricted in the US (if you meant US, as you then mention the UK-based
> company) from 2000.
The definition of "retail encryption" is somewhat ambiguous.
Different signatories of the Wassenaar agreement implement it slightly
differently. To my knowledge, the U.S. interpretation is the most
liberal one. On the other hand, I would be surprised if anybody
claimed that cross-border network traffic was somehow affected by
export regulation just because it was transport-encrypted (and this
seems to be the OP's scenario).