[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape gives in to key escrow



Jeff wrote:
> sameer wrote:
> > http://www.cnet.com/Central/News/govt.html
> >         Bad. Very Bad. And I was almost starting to like Netscape.
>   Please don't give up on us yet. 
[...]
> PS - you won't find a LEF(sic)  in the soon to be released SSL Version 3 spec...
> Jeff Weinstein - Electronic Munitions Specialist

I've been trying to figure out the boundary conditions of the speech - what's the best 
and worst interpretations that can be placed upon it. I was not at the show.

Worst: Netscape will put GAK into every server and browser it sells or distributes.

Best: Out of context, misinterpreted quote, referring to the Fortezza support in the 
newest version of SSL. 

Fortezza (and the earlier, related Tessera) are PCMCIA cards with Clipper chips.
Clipper, as we know, *is* escrowed.

There's a lot of interest within the USG for using Web-based technologies for 
distributing information, some of it confidential. With a Fortezza-based laptop and
a Fortezza-enabled browser, a government employee  would be able to securely obtain 
text and graphics info while out in the field - for example, a social worker looking up
case histories while at a client's home, to choose a fairly uncontroversial example.

At a W3C meeting a few months ago, some NSA employees demoed a Tessera 
enabled Mosaic client and server. 

Netscape (and other SW companies) would like to sell to the USG - it's a big market.
Adding support for USG supported security systems expands that potential market.


Jeff, this does not let you or Netscape off of the hook. A *lot* of people are wondering 
just exactly what Jim was alluding to,. and would like to see a full, in-context quote.


speaking only for myself (whatever that is worth :-)

	Peter Trei
	[email protected]