From: Duncan <djw@pentagon.io.com>
Date: Wed, 18 Jan 95 05:22:05 PST
To: kipp@warp.mcom.com (Kipp E.B. Hickman)
Subject: Re: 40bit Encryption : Adequate or sadly lacking ?
In-Reply-To: <9501172240.AA05908@warp.mcom.com>
Message-ID: <199501181321.HAA04672@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain



>> Marc, isn't it possible (legally) to deliver products with a replaceble 
>> encryption library (dll). Delivery with a 40-bit key DLL. The user has 
>> the option to install a dll with a different keysize. Somewhat like 
>> winsock....
>
>
>Actually, it's probably worse than you think:
>
>There are govt's out there that won't let you import code that is
>"encryption ready". You must prove that your software is tamper proof
>before it can be imported, and tamper proofing means that you can't
>bolt on security. Also, I believe the export laws disallow "plug in"
>security in the US...
>
>The crypto legal world sucks.

Could you clarify the export restriction on "plug and play" encryption ready
products?  I am about to embark on a project that I want to be distributed
freely that would be designed around a generic encryption intereface that I
would wrap around a real encryption core such as PGP,etc.  I wanted to include a
BS encryption in the freely distributable package to prevent export woes.  The
project is in design stages now and I don't need this additional headache.

djw

-------------------------------------------------------------
Duncan J Watson                                    djw@io.com
"Sig Quote goes here"                              duncan@hasp.com