Msg#: 4032776 posted 4:38 pm on Nov 27, 2009 (gmt 0)
Here's an interesting question.
I'm not concerned about the security of this since I'd always use a locally-stored key for encryption which matches a server-side key for decryption. Despite being client-side, it would serve its purpose well.
It's cryptography, it's algorithms, and it's being exported. The source code for the cryptography method is right there, in a <script> on my page.
Aren't there laws regulating that?
Would I be doing something illegal using this client-side code on my website?
Msg#: 4032776 posted 4:51 am on Nov 28, 2009 (gmt 0)
I'd run it by an attorney for sure. Adobe, for example, has products that cannot be exported to certain countries for a variety of highly dubious reasons, IMO.
Cryptography would certainly be a flag around the world.
It's incredibly stupid, as if these other countries don't have the intellectual capacity to design what they need or to buy it and easily export themselves.
I have no problems whatsoever with exporting virtually any intellectual property, including cryptology.
Here in the USA (where we have lost all common sense) I'd expect it to be a problem, and I would expect most countries to have import and export bureaucracy for encrytion programs; no matter how easily defeated. You could probably sell it in your own country and let it be the buyers' 'problem', but I would lawyer-up first.
I'll skip the rant; you can guess where I'd be going.
Msg#: 4032776 posted 1:28 am on Dec 1, 2009 (gmt 0)
For some countries it is not export to them which is the problem, but import. There are countries which don't allow cryptographic routines to cross their border because the government is afraid that those routines can be used to hide information for them.