[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Crippled Notes export encryption
At 01:18 PM 1/24/96 -0800, Jeff Weinstein <[email protected]> wrote:
>Mike Tighe wrote:
>> > I can see two practical ways to build a netscape product outside
>> > the US. The first is to export the source code for the Navigator
>> > with the crypto code removed. ....
>> Didn't Netscape already promise to remove the hooks? It seems to me all of
>> the major software players are already in bed with the government.
>
> What do you mean by "promise to remove the hooks"?
I think Mike's remembering the NCSA freeware httpd server which had the
crypto code removed at the NSA's request. I don't remember if that was
before or after the Mosaic developers left to form Netscape, but being
an organization that gets government grant money subjects you to more
leverage than a random commercial company.
One seeming paradox of the law is that you're not allowed to export
"components of a cryptosystem", e.g. software with the crypto routines
removed but everything else there. But you are allowed to export code
that the NSA has determined isn't strong enough to bother them,
including applications with wimpy cryptosystems. The Clipper II escrow
standardization folks attempted to get industry to agree on
wiretap-enabled short-key software with tampering protection
in return for export permission, but as far as I know the current
not-officially-defined policy of 40 bits doesn't require that
export-requesting software be non-modular; how much work would it be
to binary-patch-replace the 40-bit subroutines in current Netscape
with 128-bit subroutines? (More work than just mailing the US version
overseas, I suppose :-) Obviously Netscape couldn't do it themselves
if they wanted to ever get export permission again, but they could
always issue a press release condemning the nasty foreigners for
hacking their product ("We're SHOCKED to discover that HACKING
is going on with our software!")
#--
# Thanks; Bill
# Bill Stewart, [email protected], Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....