Depending upon where you live, the export laws regarding encryption are
different. In Europe, there is the "The Wassenaar Agreement". In the
US, the ITAR - If you are in the US (but a non-US citizen) you are still
subject to the ITAR. Check your laws carefully.
Typically, when a company exports an OS, they have to meet export
requirements. That's why Windows ships with 40bit encryption rather
than 128bit and the 128bit High Encryption pack was made available to US
citizens. You can use that functionality in your application. However,
if you export an application that utilizes this functionality, you need
to be in compliance with your export (and in some cases, import laws).
Indy and other open source projects have gotten around this by not
including the OpenSSL libraries with their source. If you want SSL/TLS
functionality, YOU need to obtain the libraries (they do give you the
links) and it is YOU that needs to know your local laws when doing so.
Scary stuff whenever you decide to export an application that includes
high level encryption, eh? That's one of the reasons I pretty much
stopped working in this field except for software that's for use in the
US (the company I work for offers software for public safety).
So, to sum it up, be safe - check your laws before selling your software
outside of your own country.
Charles
dk_sz wrote:
>> Before you export a cryptographic application from the US be sure that
>> you are compliance with the law. Consult with a lawyer familiar with
>> the ITAR (or newer legislation) to be safe.
>
> I am not from the US so that probably provides some safety.
>
> Anyways, I think using the builtin OS support should be OK.
> Afterall, the OS only supports it then legal...? It would be
> very hard to punish for using builtin functionality in Windows
> when it comes to such a basic thing as webcrawling :-)
>
> Then agin, IANAL, sometimes laws are crazy... :-(
>
>
> When I get time I will still research if WinInet can be used.
> I have managed to do this somewhat (wrapping atop on Indy
> and then switch if https), but it would be nicer if I could use Indy.
> (Would be nice to have redirects, headers etc. in same code)
>
>
> best regards
> Thomas
