1996-01-26 - Re: Crippled Notes export encryption

Header Data

From: Bill Stewart <stewarts@ix.netcom.com>
To: cypherpunks@toad.com
Message Hash: 05334e47ebaab37af6ad978cf67accfa0c5ee1917d236b68a9a16c960b2e664c
Message ID: <199601260939.BAA26137@ix7.ix.netcom.com>
Reply To: N/A
UTC Datetime: 1996-01-26 10:50:50 UTC
Raw Date: Fri, 26 Jan 1996 18:50:50 +0800

Raw message

From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 26 Jan 1996 18:50:50 +0800
To: cypherpunks@toad.com
Subject: Re: Crippled Notes export encryption
Message-ID: <199601260939.BAA26137@ix7.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 01:18 PM 1/24/96 -0800, Jeff Weinstein <jsw@netscape.com> wrote:
>Mike Tighe wrote:
>> >  I can see two practical ways to build a Netscape product outside
>> >  the US.  The first is to export the source code for the Navigator
>> >  with the crypto code removed.  ....
>> Didn't Netscape already promise to remove the hooks? It seems to me all of
>> the major software players are already in bed with the government.
>
>  What do you mean by "promise to remove the hooks"?

I think Mike's remembering the NCSA freeware httpd server which had the
crypto code removed at the NSA's request.  I don't remember if that was
before or after the Mosaic developers left to form Netscape, but being
an organization that gets government grant money subjects you to more
leverage than a random commercial company.

One seeming paradox of the law is that you're not allowed to export
"components of a cryptosystem", e.g. software with the crypto routines
removed but everything else there.  But you are allowed to export code
that the NSA has determined isn't strong enough to bother them,
including applications with wimpy cryptosystems.  The Clipper II escrow
standardization folks attempted to get industry to agree on
wiretap-enabled short-key software with tampering protection
in return for export permission, but as far as I know the current
not-officially-defined policy of 40 bits doesn't require that 
export-requesting software be non-modular; how much work would it be
to binary-patch-replace the 40-bit subroutines in current Netscape
with 128-bit subroutines?  (More work than just mailing the US version
overseas, I suppose :-)  Obviously Netscape couldn't do it themselves
if they wanted to ever get export permission again, but they could 
always issue a press release condemning the nasty foreigners for
hacking their product ("We're SHOCKED to discover that HACKING
is going on with our software!")
#--
#				Thanks;  Bill
# Bill Stewart, stewarts@ix.netcom.com, Pager/Voicemail 1-408-787-1281
#
# "Eternal vigilance is the price of liberty" used to mean us watching
# the government, not the other way around....





