Re: Crippled Notes export encryption

[Jeff Weinstein <jsw@netscape.com>]

David Mazieres wrote:
> 
> In article <3105FBFC.4DC9@netscape.com> Jeff Weinstein <jsw@netscape.com> writes:
> >   The other way would be to export a binary with pluggable crypto,
> > which is generally agreed to be regulated by the ITAR in the same
> > way as software that actually contains crypto.
> 
> How did kerberos avoid this?  The "bones" distribution of kerberos
> without crypto was not regulated by ITAR, right?

  As others have noted, they removed the calls to the crypto code.

  I don't think that the TLAs are concerned about people at
foreign universities using kerberos.  They are much more worried
about mass market products.  If we did the same thing as was done
for kerberos, then exported the code to a foreign subsidiary, I
believe that the government would try to make a case against us
that we had participated in a conspiracy to circumvent the
export restrictions.

  The government continues to use FUD to impose defacto restrictions
on what we can do.  When they decided not to prosecute PRZ they did
not clarify and said that they may decide at any time to go after
someone else.  They continue to try to wiggle out of stating a
clear, firm policy.  I think that our current efforts should be
geared towards pinning them down, then once we have specific
restrictions we can attack them.  The Phil Karn case is important
because it will help to clarify the ITAR restrictions.  Even 
Raph's RSA T-shirt CJR may help to clarify the restrictions into
something that we can really fight.

	--Jeff

-- 
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.