Re: Keyed-MD5, ITAR, and HTTP-NG

[James Black <black@sunflash.eng.usf.edu>]

Hello,

On Mon, 30 Oct 1995, Simon Spero wrote:

> The reason I wanted to check is that I'm solidifying some of security 
> paramaters for HTTP-NG so we can add them to the test implementation 
> before the Dallas IETF. In addition to the slight problem of having half 
> the development team on the other side of the Atlantic, I want to make at 
> least a subset of the security schemes mandatory, and that means making 
> the core stuff exportable.

  Since you deal with security issues maybe you can help me to learn 
about some issues with encryption.  I am talking with one of the 
administration people about putting PGP on the system for everyone to 
use, but there are issues for them (the admin) as they might be liable, 
even if they can't read the e-mail.  What other legal considerations 
should be evaluated?
  Is there any large organizations (like any other universities) that 
allow their students to use PGP, and have the system in place to make it 
easier for the students?  If it is offered here I might be the one to add 
to the mail program (pine) that is generally used to transparently use 
PGP, which is what I mean by having a system set up for the encryption. 
  Thanx for any help.  Take care and have fun.

James Black
black@suntan.eng.usf.edu