[1369] in WWW Security List Archive
Re: Digest Authentication
daemon@ATHENA.MIT.EDU (Allan M. Schiffman)
Mon Jan 1 19:01:56 1996
Date: Mon, 1 Jan 1996 13:30:36 -0800
To: Ned Freed <NED@INNOSOFT.COM>
From: ams@terisa.com (Allan M. Schiffman)
Cc: http-wg@cuckoo.hpl.hp.com, www-security@ns2.rutgers.edu,
"Robert W. Shirey" <rshirey@bbn.com>
Errors-To: owner-www-security@ns2.rutgers.edu
>In other words, the status of authentication-only systems is peculiar. First it
>is specifically exempted from one item on the munitions list, but then there's
>another item on the list that appears to include it in spite of the earlier
>exemption.
I stand corrected. Thanks, Ned. Wishful thinking on my part, I guess.
>The bottom line is that if you intend to export anything that uses
>cryptographic methods, you'd best hire a lawyer familiar with export law and
>get approval for it. You'll probably have no problem with authentication.
The bottom line for Digest Authentication means, then, that domestic
developers who include this mechanism would need to apply for some sort of
export approval (presumably they would apply for CJ and get it).
-Allan
