are specifically designed for the insertion of cryptographic materials, or is it the fact that they could be used to support cryptographic enhancements?
Everything is decided on a case-by-case basis. I was in a meeting with some NSA export-control people (Dept Z03) and asked a few questions on this topic trying to nail down the angle of this slipper slope. Basically, generic buffer-manipulation is okay. "Keyed compression" where you explicitly passed something called a key to a DLL routine would be looked on suspiciously. An abstract set of open/modify/close routines (where open returned a pointer to opaque state, say a session key :) would be fine. The technical guy quickly grasped that I was talking about anonymous remailers, but they "conceded" there's nothing they can do about it. I say "concede" because that implies more political/control-issues then were really present at the meeting. /r$