[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Verisign gets export approval





I think it tells us that Verisign managed to convince the government that
their product is only used for authentication, not encrypting content. 
Which appears currently to be true, no?  And since AFIK (Please, someone,
correct this if I'm wrong!) you can't with netscape anyway download
another party's key that you verify with a Verisign certificate, it would
take a fair amount of work for the ordinary user to set up a secure
channel using the current Verisign infrastructure.   

The ITAR exception for authentication-only products is of long standing.

On Wed, 16 Jul 1997, Bill Stewart wrote:

> Forwarded from PGP-USERS list:
> > First PGPInc and now VeriSign? Hmmm. Is this telling us something?
> 
>      "VeriSign on Monday said it received permission from 
>        the U.S. Department of Commerce to export 128-bit 
>        strong encryption software and issue digital 
>        identifications to approved organizations based on 
>        that software. "
> 
>      "Under the 128-bit scheme approved by the U.S. 
>       government Monday, companies will not need to 
>       place their encryption keys in escrow, or submit 
>       to U.S. government key-recovery requirements in 
>      order to use VeriSign's software, company officials said."
> 
> 
> 
> #			Thanks;  Bill
> # Bill Stewart, +1-415-442-2215 [email protected]
> # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
> #   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)
> 

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | "Cyberspace" is not a place.
U. Miami School of Law     | [email protected]
P.O. Box 248087            | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's @%#$%$# hot here.