In article <1992Oct9.233126.10429@uoft02.utoledo.edu>, jsteiner@anwsun.phya.utoledo.edu (jason 'Think!' steiner) writes:
|> please correct me if i'm wrong, but in reading the FAQ my mind started
|> to boggle & i need to clarify this:
|>
|> 1. RSA is pretty much a standard in Europe.
|> 2. it is illegal to export RSA stuff from the US.
|>
This is not strictly correct. It is illegal to export cryptographic stuff (including RSA) without first getting an export permit from the State Department. While this is a time-consuming process, it is by no means impossible to get such an export license. It all depends on who the designated recipient is.
If you were to apply for an export license to sell RSA to Lloyds Bank in the UK, then it would probably be granted (after some months of bureaucracy). If you wanted to sell it to the Iraqi government, you probably wouldn't get it approved!
(and if you wanted to sell it to BCCI a couple of years ago, you probably would have gotten the license approved, since they were a bank! No one said the policy was logical.)
I'm not trying to defend the export restriction program, as it is a real pain for any company trying to sell security in the international marketplace. Most of the rules also seem to be locking the barn door long after the horse was stolen.
However, it is possible to export cryptographic equipment from the US. It is only illegal to do so without an export license, and it is possible to get those licenses approved for the right customers.
