alt Hacker NewsIs this actually new? Looks like a standard US export restriction for encryption technology to me. These sorts of restrictions have been around since the '90s.
Let's Encrypt becomes subject to US export restrictions on cryptography if they are a US company, or if they post anything to github or post anything to major app stores. Every app I have ever posted to Google Play has had to submit a form to the US government declaring what use they make of cryptography.
These restrictions have been in force since that late 1950s (with a long and complicated history with respect to computer cryptography). This particular text looks like a boilerplate restriction, that's required to comply with US EAR export requirements to me.
Replies
Organisations that are serious about promoting privacy should have been avoiding the US since the '90s and/or '50s, but the second best time to reincorporate in a safe jurisdiction is today.
A certificate is not cryptography, though, it's a number. The entity requesting the certificate already has the cryptographic software installed on their servers, as do the clients trying to connect to them. There's nothing technologically special about the number, it's all in the realm of the social contract, in that it has been blessed by a chain of trust.