[DennisP]

> Encryption beyond a particular strength has long been an ITAR restricted export.

I'm not sure what you mean by "restricted," but publishing open source encryption software on the internet only requires that the BIS be notified. No review or approval is required.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

[salawat]

Technically, you're supposed to have to ask, and BIS can say no. That's restricted. There is the possibility of extra friction. I've never administered or experienced the compliance process myself, mind. I just know it's a thing.

[dcow]

Can you link the section where it says you’re supposed to ask? In my experience you don’t get assigned anything, you tell them what you are classified as and of course they can disagree but there’s no “tell me my export classification” part unless you fall under a restriction and can’t claim any exemption. Only then do you submit anything. And from my reading of those hellish documents, encryption software for which the source code is publicly available is exempt.

[DennisP]

I linked as source saying that's not the case. Maybe you can provide a source for your claim?