while stumbling over http://www.apache.org/dev/crypto.html
I come to think about our Credential Manager:
While we don't have our own encryption code (puh!) we certainly have a fair share of plumbing that uses it.
Credential Manager uses BouncyCastle to keep an encrypted user/password and certificate store in the Taverna user home directory - based on a password the user provides.
Obviously we also generally support https:// through Java's normal SSL support - the Credential Manager has UI support for managing additional client and server certificates and for asking for username/password on connections.
The WSDL activity has support for using WS Security authentication and also works with https.
Looking over the policy at http://www.apache.org/dev/crypto.html I realize now that when we distribute the Taverna Command Line (and Workbench) binary distribution it would be bundling and using the Bouncy Castle library - which would be covered by US Export restrictions.
Thus this task to review what of our code and distributions would be covered by US Export restrictions - if any - and perform the required reporting if needed.