[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FROM A FRIEND . . .
In article <[email protected]>, [email protected] (Duncan Frissell) writes:
> >Updating Customers:
> >Netscape will provide the fix for Export (40 bit) versions of Netscape
> >Navigator later this week for downloading by customers on the Internet.
> >Similarly, the
> >Commerce Server patch for Export versions (40 bit) will be made available
> >from our home page. Because downloading of 128 bit versions of the software
. >is still not permitted by U.S. law, U.S. customers of Netscape Navigator,
> >Netscape Navigator Personal Edition and Netscape Commerce Server using 128
> >bit versions can request the replacement from Netscape for delivery through
> >the regular mail.
>
> Funny, MIT and MPJ and others manage to enable the downloading of
> export-controlled software. Also, wasn't there some sort of promise by
> Netscape after we broke the 40-bit version to make the 128-bit version
> available to US users under the Beta/freeware system? What happened to that
> plan?
We are also examining some sort of binary patch technology, so that
folks with the US-only version can easily download and apply the patch.
I think that the general opinion of engineers and management here at
Netscape is that it would be A Really Good Thing to have our US-only
128+ bit version of Netscape Navigator available for download by US
citizens and others who are not legally prohibited from using it.
As a matter of fact, up until the RNG thing hit on sunday night, I
had been making myself a major pain in the ass to netscape managers
and executive, bugging them every day for at least the past several
weeks, to get a decision about making the US version available for
free download.
I know that MIT, RSA, and others make crypto code available for
download with various mechanism. I'm sure that these institutions
did not make the decision lightly. This issue is now a very high
priority for our lawyers, but it will take some time for them to
reach a legal opinion about Netscape's legal exposure. The fact that
MIT and RSA have done it does not mean that the government will not
go after Netscape for similar behavior. We all know what a juicy
target Netscape is these days... :-)
We have submitted our proposal for download checking to the State Dept.
I think that our process does more validation than what others have done.
The State Dept. has so far refused to send us any kind of written approval
of our proposed methods. I know that many of you think that this is
futile, and I won't dispute that, but I think we do have to make the
effort in order for our case to hold up later.
We do share your frustration at being forced to use weak crypto.
This has been a major pain for us, but I believe that we are committed
to continuing to produce a version with strong crypto (as long as it
remains legal - sigh).
I for one will always fight to ensure that we have a version of
our Navigator that supports "strong" crypto, and to make that version
easily and widely available. The governments attempts to get
companies to produce watered down versions for the US because it is
easier will not succeed here as long as I have any say in the matter.
Also, the company has taken a vocal public position against the
current ITAR restrictions and any sort of mandatory or government
controlled key escrow.
We are working on it. Please try to be patient. It is just as hard
for us as it is for you...
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.