[Python-Dev] Cryptographic stuff for 2.3

Martin v. L÷wis martin@v.loewis.de
24 Apr 2003 22:29:10 +0200

Brett Cannon <bac@OCF.Berkeley.EDU> writes:

> Anything that causes export issues should be separate.  From my
> understanding hash functions are not regulated.  I believe SSL is okay
> because the encryption is not high enough (this all from memory, so don't
> take this as hard fact).

It is probably pointless to discuss this among non-lawyers, however, I
do believe that a strict "no crypto" policy would cause the removal of
all the modules that Barry mentioned.

For the specific case of OpenSSL, it seems pretty clear that it
*cannot* be exported from the US without telling the respective
agency. When I studied their rules, I came to the conclusion that even
the *wrapper* around it needs to be declared (so both the Windows
binary release and the source release cannot be exported without
being declared in advance).

Of course, if one considers crypto stuff as useless and a waste of
time, then probably https is not interesting, either.