Any US export restrictions on use of 256 bit AES SSL & TLS certificates?
Peter Tomlinson
ukcrypto at chiark.greenend.org.uk
Thu, 26 Mar 2009 11:17:56 +0000
Florian Weimer wrote:
> * James Firth:
>>> client has asked for advice on the use of 256 bit AES SSL and TLS
>>> certificates. They want to know if the USA has placed any restrictions
>>> on using AES like this in export markets, or even if the US govt has to
>>> be notified when they are deployed
>> I was under the impression that all "commercial grade" solutions were
>> de-restricted in the US (if you meant US, as you then mention the UK-based
>> company) from 2000.
>>
> The definition of "retail encryption" is somewhat ambiguous.
> Different signatories of the Wassenaar agreement implement it slightly
> differently. To my knowledge, the U.S. interpretation is the most
> liberal one. On the other hand, I would be surprised if anybody
> claimed that cross-border network traffic was somehow affected by
> export regulation just because it was transport-encrypted (and this
> seems to be the OP's scenario).
James and Floria, thanks for that - and thanks also to John Young and to
Melanie Dymond Harper off list (they can't get through chiark's filter
in order to post, they say). The links have given me material that I had
not found myself, and first impression is that 256 bit AES (which needs
the right browser/OS combination, I have learned) for https comms
messages is free to use in the UK (which is where my client's business
and most of their customers are).
Peter