Current State of Exporting Open-Source Encryption?

Jay Maynard asks: "The project team is getting ready to release a new version of the Hercules IBM mainframe emulator. Part of the update is support for new instructions IBM added in their latest z/990 system, and two of those do encryption. The Bureau of Industry and Security (formerly the Bureau of Export Administration) changed their regulations on June 6, 2002 to grant a license to export open-source encryption code to anyone but the usual suspects (denied persons and banned countries). They went on to recently clarify that putting up code for download did not in itself constitute exporting to those banned countries or persons. There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"

Yes, very much!

[shfted!]

There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?" DeCSS is the obvious example. Without code based on it, I could not watch DVDs I rent on Linux. As DeCSS is made illegal by the DMCA, the only choice for projects using that code is to host outside the US.

off the top?

[mikecarrmikecarr]

"There are many open-source projects that still host encryption code outside the US because of past rules. Is there still a reason for doing so?"

uhm... why should anyone outside the US believe that the US will continue with its current position? Does the current political climate of the US, as observed by other nations (i.e. Canada), suggest that open-source encryption (read: tools to aid and abet terrorists) will continue to enjoy the lack of restrictions?

i dunno, it seems like a whole shwack of 'once bitten, twice shy' to me.

not trying to flame, i just can't see anything (from this side of the border) to suggest that we should be trusting the US not to change their position. *shrugs*