From: Uri Blumenthal <NOSPAM!uri(_at_)ibm(_dot_)net>
Yes for CDMF (IBM-patented, clever reducing the key strength
to 40 bits, as opposite to simply accepting a 40-bit
key only from a user).
There is no "DES-40" per se, unless you mean CDMF; to the best
of my knowledge.
Are you familiar enough with the SSL/TLS technique of creating export
keys (hashing 40 secret bits with 88 salt bits) to state whether it
is covered by the CDMF patent?
The SSL technique has obviously gotten export approval, and has received
some level of cryptographic scrutiny within the SSL/TLS community, and
I've heard no mention of it being encumbered.