Re: [NOT NOISE] Microsoft Crypto Service Provider API
Software that is imported becomes subject to ITAR with respect to re-exportation, of course (but of course IANALetc.) If you can't demonstrate to MSFT that you are playing by the rules --such that you have the proper export papers for your code if you plan to export it, for example-- they won't sign, even if developed outside US. So: you develop a CSP outside US ... you have to IMPORT it to get it signed. It becomes subject at that point to ITAR export regs. Unless you demonstrate that you fulfill those requirements, no signature. So there's no relief by looking at just exporting the signature.

At 07:21 PM 12/22/96 -0800, you wrote:
At 07:36 AM 12/18/96 -0800, geeman@best.com wrote:
Microsoft had to agree to validate crypto binaries against a signature to make sure they weren't tampered with, in exchange for shipping crypto-with-a-hole. They will sign anything (theoretically) if it has the export papers and all. Or without, if you affidavit it is not for export.
They do not themselves impose any restrictions on crypto strength. I'm not expressing political position here, just conveying facts ....
What if the software involved was IMPORTED? Moreover, is it legal to export just the signature?
Jim Bell jimbell@pacifier.com
participants (1): geeman@best.com