For those who were wondering if plug-in crypto hooks were still watched out for. One wonders how the ietf folks are managing to promote internet-wide standards that are considered unexportable (Are they? What's the deal on photuris, PEM, ipsec and the rest of them?)
Does anyone know the ostensible justification for this? What section of the ITARs do they point to when they say "this is illegal"? I've perused an online copy of ITAR (no, I haven't read all of it -- I have other things I want to do this year :-), but I can't find a section that could be construed to support this contention.
Luckily, a lot of cryptographic materials are available outside the United States (see e.g. http://www.cs.hut.fi/crypto for pointers). If the United States chooses to restrict export of IP security products, it simply helps create a flourishing network security and other communications industry in other countries. There are already several implementations of the IP security stuff abroad - including at least one in the former Soviet Union. Tatu