rotor alternative?

[Paul Rubin]

Michael Hudson <mwh at python.net> writes:
> Given the -- highly international -- way the last year or so of Python
> development have gone and e.g. where www.python.org is located it's
> unclear what *any* countries *export* laws have to do with it, but
> unfortunately many countries have *import* laws too.  The world is a
> sorry place.

I still think Python should have good crypto, but if necessary it can
be separated from the main part of the distribution, or there can be
two separate distributions (with and without crypto).  

Sun used the first approach when it separated JCA (Java Crypto
Architecture) from JCE (Java Crypto Extensions).  JCA only provided
authentication mechanisms and not actual encryption, so it was
exportable without a license.  JCE provided encryption and you had to
get it separately.

Netscape and Microsoft used the second approach: there were separate
"US" and "export" versions of the Netscape Navigator and MSIE
browsers.  The US versions had strong cryptography while the export
versions used weak cryptography.  Note that Netscape and Microsoft
still had to get export licenses even for the weak versions, which at
the time required filling out a bunch of forms and waiting for
approval.  It got easier as litigation and technical developments
showed the regulations to be more and more ridiculous.