1996-10-23 - Re: PIS_son

Header Data

From: jim bell <jimbell@pacifier.com>
To: jsw@netscape.com
Message Hash: 8bc0c192b735cb4e455055039e64a96a9cee26114c49fdee241550d62fc98670
Message ID: <199610230529.WAA23151@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-10-23 05:29:58 UTC
Raw Date: Tue, 22 Oct 1996 22:29:58 -0700 (PDT)

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Tue, 22 Oct 1996 22:29:58 -0700 (PDT)
To: jsw@netscape.com
Subject: Re: PIS_son
Message-ID: <199610230529.WAA23151@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:11 PM 10/22/96 -0700, Jeff Weinstein wrote:
>John Young wrote:
>>    10-17-96, BuWi:
>>    "Apple, IBM, JavaSoft, Motorola, Netscape, Nortel, Novell,
>>    RSA, and Silicon Graphics Announce PICA Crypto-Alliance"
>>       The PICA specification will also be designed to make the
>>       task of developing differing domestic and exportable
>>       security requirements much easier. [GAK alliance 2.]
>
>  John, I think you are misreading the intent here.  By making
>it easier to develop separate domestic and exportable
>versions of a product, we foil the government's attempt to
>force weak domestic encryption because it is too much work to
>maintain two different versions.

What about making it easier to interconvert the domestic and exportable 
versions of the program?  Okay, I understand that given your position you 
might not want to come out on the record on this issue, but it seems to me 
that it would serve your interests to make it as easy as possible for a 
foreign buyer to convert a legally-exported copy of Netscape into an 
export-restricted one.

The default way for foreign buyers:  Buy Netscape from your Co., put it on 
the shelf, download illegally-exported version and use it.  Doable, 
obviously.  However, a more subtle way would be to add (or, for that matter, 
subtract) a portion of the program that controls whether or not 
export-quality encryption would "go."  

True, the "erase a file to enable good crypto" might not fly, but the 
opposite might.  I'm not talking about conventional "crypto with a hole," 
but simply a program which always contains crypto whose functioning is 
limited by an external program.


Jim Bell
jimbell@pacifier.com





Thread