Dean Anderson writes: > The IETF could write a letter to the appropriate Ministry to ask for a > special exemption. It can't. Declarations and requests for authorization must come from the vendor or the user. But in practice, most types of crypto are lightly regulated, or not at all, if they use 128 effective bits or less (and I'm not aware of any special efforts to verify key lengths). "Effective" means, incidentally, that the difficulty of cracking the encryption by brute force must be equal to or less than 2^128 operations. > 'Rarely enforced' doesn't mean that they should be ignored. True, as it facilitates selective enforcement. But in some countries the official procedures are so complex and long that nobody can adhere to them in practice, and so they are largely unenforced, except when the government finds it convenient to enforce them. Sort of a Catch-22. _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf