[1860] in WWW Security List Archive
Re: Integrating Encryption Module to Netscape
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Sun Apr 21 19:06:18 1996
Date: Sun, 21 Apr 1996 14:02:58 -0700
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: Ronald van Kuijk <rvkuijk@atriserv.nl>
CC: www-security <www-security@ns2.rutgers.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
Ronald van Kuijk wrote:
>
> peng-chiew low wrote:
> >
> > Hi!
> >
> > Just wondering if anyone out there knows whether it is difficult to
> > integrate an encryption module to Netscape Commerce Server.
> >
> > We are *NOT* reinventing the wheel since only 40bits SSL are permitted
> > to be exported out of the U.S. and we need an additional security for
> > financial transactions. Thanks.
>
> We need it to, but what I was wondering is why Netscape isn't
> doing this themselves: producing software outside the US, without using
> the RSAref library.
It is not at all clear that it would be legal. By sending the non-crypto
part of Netscape Navigator outside the US for the purposes of retrofitting
strong crypto, we may be commiting a criminal conspiracy to get around
the ITAR. The whole thing is a horrible mess that makes little sense
to normal humans, and does not seem subject to logic.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
