[1372] in WWW Security List Archive
Re: Digest Authentication
daemon@ATHENA.MIT.EDU (Ned Freed)
Tue Jan 2 03:43:02 1996
Date: Mon, 01 Jan 1996 22:31:01 -0800 (PST)
From: Ned Freed <NED@INNOSOFT.COM>
In-reply-to: "Your message dated Mon, 01 Jan 1996 13:30:36 -0800"
<v02130500ad0e01704a95@[205.226.39.192]>
To: ams@terisa.com
Cc: Ned Freed <NED@INNOSOFT.COM>, http-wg@cuckoo.hpl.hp.com,
www-security@ns2.rutgers.edu, "Robert W. Shirey" <rshirey@bbn.com>
Errors-To: owner-www-security@ns2.rutgers.edu
> > The bottom line is that if you intend to export anything that uses
> > cryptographic methods, you'd best hire a lawyer familiar with export law and
> > get approval for it. You'll probably have no problem with authentication.
> The bottom line for Digest Authentication means, then, that domestic
> developers who include this mechanism would need to apply for some sort of
> export approval (presumably they would apply for CJ and get it).
I have no reason to think otherwise. And for those who don't want to pay for a
lawyer, you can always try for it on your own. There's a "Do it yourself CJ
approval kit" available at:
ftp://ftp.cygnus.com/pub/export/cjr.kit
Note that I am not recommending this approach -- I have not tried this kit and
cannot speak to whether or not it's the right way to go about it.
Ned
