

Encryption in your iPhone application? Get ready for paperwork. - d_r
http://www.zetetic.net/blog/2009/08/03/mass-market-encryption-commodity-classification-for-iphone-applications-in-8-easy-steps/

======
Hoff
ITAR (munitions) compliance is not a particularly new aspect of software
export; if you were exporting encryption, you need(ed) to work within the
rules.

In my experience, ITAR compliance has gotten easier, too.

Using existing and available encryption libraries (and at settings below
military-grade) is usually the easier approach. This rather than rolling and
then reviewing your own encryption. Certainly for ease of export compliance,
but also because rolling your own encryption code is one of those design and
programming tasks that is far harder than it looks, if you really want to get
that code "right".

There are certainly other considerations around exportation and with working
internationally.

If you're not sure, check with a legal services firm; with the folks that know
the details of complying with export and import requirements, and with
individuals and businesses and countries you can (and cannot) work with
internationally.

<http://www.pmddtc.state.gov/regulations_laws/itar.html>

~~~
d_r
Of course, rolling your own encryption has more than one peril.

The catch in this case seems to be that "encryption" includes even making an
HTTPS request with built in iOS libraries.

