Re: Interactive Week exclusive - White House to launch "ClipperIII"

[Paul Robichaux <paul@ljl.COM>]

>1. Will there be pressures put on the browser companies (Netscape,
>Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris,
>Lotus, etc.) to produce a "world version" that meets export standards with
>a single shrink-wrapped package?

Qualcomm has elected not to directly support PGP in the past, and it would
appear that NSA & State have broadly construed the ITAR sections on crypto
capability to mean that apps which can plug in crypto modules are
themselves not exportable (cf. Kerberos bones and the whole rationale
behind the MS CryptoAPI.)

However, Eudora 3.0 includes a plugin architecture for translators. These
translators can be used in a variety of ways, including for message
compression, foreign-language translation, and signatures. In fact, one of
the sample "translators" provided provides a "sign with PGP" icon in the
message composition window. Click it, put in your passphrase, and off you
go-- much easier than any of the existing solutions.

The plugin technology is such that it would be easy to write signature &
encryption plugins to use your choice of technology: Fortezza, Entrust,
PGP, IPG, or whatever. In fact, you might see Fortezza and Entrust plugins
later this summer :)

Several 'punks have speculated in the past about whether a general-purpose
plugin architecture that could be used for crypto would subject the product
to ITAR. Since I very seriously doubt Qualcomm would design & ship this
capability without finding out whether such an architecture would render
their product unexportable, my assumption is that (at least for now) there
is no world version requirement-- but vendors still have to face the
hassles of keeping, selling, and maintaining two separate versions. Ask
Netscape how much fun _that_ is.

-Paul


--
Paul Robichaux                    LJL Enterprises, Inc.
paul@ljl.com                      Be a cryptography user. Ask me how.

PGP signature