undefined | Better HN

0 pointsmetafunctor10y ago0 comments

I don't think it matters where the encryption capability comes from.

The iTunes Connect FAQ says: “If your app uses, accesses, implements or incorporates industry standard encryption algorithms other than those listed as exemptions under question 2, you need to submit for an ERN authorization. Examples of standard encryption are: AES, SSL, https.”

There are a lot of exemptions, but only using Apple's HTTPS is not one.

0 comments

Guvante10y ago

Sounds like Apple is the cause here, since export restrictions don't apply to things that are never exported. If you aren't embedding the algorithm then your code is not exporting the algorithm.

eps10y ago

> industry standard

What about custom crypto then?

noblethrasher10y ago

The line between encoding and encryption is blurry, so it would be difficult to enforce without being seeming arbitrary or capricious.

On the other hand, custom crypto will almost certainly be defective, so why bother prohibiting it it?

j / k navigate · click thread line to collapse