Yes, there is a blanket exception for Canada.
Yep, according to what I can find the good ol' government can refuse to
allow the export of any product using cryptography if it so desires.
The 40 bit (soon to be 56, I believe) limit usually just assures the
producer the government won't bother wasting its time on something it
could crack with less man time.
However, it *is* legal to re-export something that originally was
imported. (Check with a lawyer if it really matters to you.) So as
long as all the crypto code was written outside the US and originally
distributed from somewhere outside the US (say, Finland), you're
covered. However, you *do* have to be careful that the development is
done outside the US.
Oh, and on another point...I believe it is illegal to import only public-
key algorithms for US citizens. The PKP (Public Key Partners) hold a
patent until some time early next century on these.
That is correct, except that the condition is "into the US", not "for
US citizens" -- the patent operates on everyone inside the US, but not
on US citizens abroad. Also, there are some exceptions to patent
coverage, one of which is scientific investigation. So you can toy
with it without fear of legal repercussions but not use it in
production.
Dale
-- Dale R. Worley Ariadne Internet Services Voice: +1 617-899-7949 Fax: +1 617-899-7946 E-mail: worley@ariadne.com "Internet-based electronic commerce solutions to real business problems."