[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 40bit Encryption : Adequate or sadly lacking ?
On Jan 18, 7:21am, Duncan wrote:
> Subject: Re: 40bit Encryption : Adequate or sadly lacking ?
>
> >> Marc, isn't it possible (legally) to deliver products with a replaceble
> >> encryption library (dll). Delivery with a 40-bit key DLL. The user has
> >> the option to install a dll with a different keysize. Somewhat like
> >> winsock....
> >
> >
> >Actually, it's probably worse than you think:
> >
> >There are govt's out there that won't let you import code that is
> >"encryption ready". You must prove that your software is tamper proof
> >before it can be imported, and tamper proofing means that you can't
> >bolt on security. Also, I believe the export laws disallow "plug in"
> >security in the US...
> >
> >The crypto legal world sucks.
>
> Could you clarify the export restriction on "plug and play" encryption ready
> products? I am about to embark on a project that I want to be distributed
> freely that would be designed around a generic encryption intereface that I
> would wrap around a real encryption core such as PGP,etc. I wanted to
include a
> BS encryption in the freely distributable package to prevent export woes.
The
> project is in design stages now and I don't need this additional headache.
Contact a lawyer. It's *really* complicated, and I'm not a lawyer so anything I
tell you could be wrong in some important way, and then you would get really
angry if the govt started chewing you to pieces.
--
---------------------------------------------------------------------
Kipp E.B. Hickman Netscape Communications Corp.
[email protected] http://home.mcom.com/people/kipp/index.html