[1443] in WWW Security List Archive
crypto export laws
daemon@ATHENA.MIT.EDU (John Hemming - CEO MarketNet)
Wed Feb 7 07:44:24 1996
From: "John Hemming - CEO MarketNet" <johnhemming@mkn.co.uk>
Date: Wed, 07 Feb 1996 10:43:35 AM PST
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>Can anyone give me the facts on the current cryptography export laws for
>internal corporate use? That is, if my company wants to communicate safely with
>our own branch offices abroad via WANs, can we use 128 bit encryption for that
>communication? Or are we restricted to 40 bit once the communication leaves the
>US (virtual) border?
The restriction to 40 bit is in having software that will run at 128 bits. We have
been working on a browser that includes 128 bits SSL and is available outside
the US.
We are close to implementing facilities similar to Netscape 1.1 as well as
SSL 128bit. The program at
ftp://193.119.26.70/mktnet/pub/h160.zip
Does that, but still has some interesting bugs particularly if you resize a
window whilst it is loading some graphics. (particularly larger ones).
It does not provide downloaded brush backgrounds only plain colour
backgrounds.
If you use that browser (or server) outside the US then you can link through
to the US with 128bit SSL.
Alternatively you can write your own implementation of SSL (outside the
US not using any US RSA code)
(The normal version of the browser updates is stored at
http://193.119.26.70/mktnet/pub/horse.zip
The one you will find at h160.zip displays better than horse.zip, but does
crash rather a lot.)
(Windows 3.1 and 95)
