Two points: the CSP development kit is export-controlled; and signing a CSP developed by a foreign vendor is treated as a export -- so the signature is export-controlled.

We would ship a CSP development kit to a foreign vendor, and sign a CSP developed by the foreign vendor, but only with the appropriate export licenses.

This could lead to problems. I'm not sure what the European Community reaction to US attempts to export its legal system will be. The problem is that the Lotus Notes scheme changes the previous deal. Before the European governments benefited from the US export control laws because they had wiretap abilities. Now they are denied wiretap capabilities and have the US able to snoop on all their traffic. Could find yourselves in the middle of a nasty battle... Phill