[deaddodo]

Which part are you disagreeing with? I'm literally laymaning the law.

The law never covered using cryptography, it was always about exporting it. Mostly it was written around keeping military specific cryptography from entering rival powers hands, but was overbearing. So they amended it to allow commercially developed/homegrown cryptography (explicitly not developed for governmental/military use) to be distributed normally. In practice, it's still a little muddy as many of those use DoJ/DoS-funded cryptography patterns, but the government has chosen to take a fairly hands off approach on those (RSA and DSA are key examples).

You're correct that it would also be almost impossible to enforce the original wording in today's world of globalization. They also have little power to enforce it on foreign nationals, which is why a warning was usually Good Enough(TM) for American software developers.

[hughesjj]

Using is exporting though. If you made a client that had https, and a customer downloaded it in Toronto, you were breaking the law.

[deaddodo]

This is....yes, the exact point; thank you for finally getting to what everyone was saying from the outset. Now follow the conversation forward.

Re-read the first post and the last paragraph of the one you're replying to. Everything you're knee jerk contrarianizing is covered.