The crucial bit is the "GENERAL SOFTWARE NOTE":
http://www.fitug.de/news/wa/GTNGSN.html
which has this added:
>N.B. Entry 1 of the General Software Note does not release "software"
> controlled by Category 5 - Part 2.
However that extra note totally eviscerates the general software note.
From:
http://www.fitug.de/news/wa/Cat5P2.html
------------------------------------------------------------------------------
Note 3 Cryptography Note
5.A.2. and 5.D.2. do not control items that meet all of the following:
a. Generally available to the public by being sold, without
restriction, from stock at retail selling points by means of any
of the following:
1. Over-the-counter transactions;
2. Mail order transactions;
3. Electronic transactions; or
4. Telephone call transactions;
b. The cryptographic functionality cannot easily be changed by the user;
c. Designed for installation by the user without further substantial
support by the supplier;
d. Does not contain a "symmetric algorithm" employing a key length
exceeding 64 bits; and
e. When necessary, details of the items are accessible and will be
provided, upon request, to the appropriate authority in the exporter's
country in order to ascertain compliance with conditions described in
paragraphs a. to d. above.
Technical Note
In Category 5 - Part 2, parity bits are not included in the key length.
------------------------------------------------------------------------------
My insightful analysis: this sucks big-time.