Hacker News new | ask | show | jobs
by metafunctor 3821 days ago
I don't think it matters where the encryption capability comes from.

The iTunes Connect FAQ says: “If your app uses, accesses, implements or incorporates industry standard encryption algorithms other than those listed as exemptions under question 2, you need to submit for an ERN authorization. Examples of standard encryption are: AES, SSL, https.”

There are a lot of exemptions, but only using Apple's HTTPS is not one.
2 comments
Guvante 3821 days ago
Sounds like Apple is the cause here, since export restrictions don't apply to things that are never exported. If you aren't embedding the algorithm then your code is not exporting the algorithm.
link
eps 3821 days ago
> industry standard

What about custom crypto then?

link
noblethrasher 3821 days ago
The line between encoding and encryption is blurry, so it would be difficult to enforce without being seeming arbitrary or capricious.

On the other hand, custom crypto will almost certainly be defective, so why bother prohibiting it it?

link