[914] in WWW Security List Archive
Re: What's the netscape problem
daemon@ATHENA.MIT.EDU (Chuck Yerkes)
Fri Sep 22 21:09:31 1995
From: "Chuck Yerkes" <yerkes_chuck@jpmorgan.com>
Date: Fri, 22 Sep 1995 18:14:21 -0400
In-Reply-To: Amir Herzberg <amir@watson.ibm.com>
"Re: What's the netscape problem" (Sep 22, 12:55pm)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Sep 22, 12:55pm, Amir Herzberg wrote:
> Subject: Re: What's the netscape problem
> > Large companies already routinely do crypto work in Switzerland.
>
> Unfortunately, as far as I know (read: our lawyers told me), as long as
> the work is done by `a US company or its subsidery', it is still under ITAR.
> This obviously puts US companies in disadvantage, and I believe they do their
> best to change the situation (but obviously that is not enough).
>
> Companies may certainly have _others_ do the crypto work to integrate with
> their products, but this is not so simple, since - as you say - ...
So if a product like, say QuarterDeck Mosiac (I'm tired of netscape all
the time), has a configuration that says use "external public key
cryptography", and some way to control it's invocation and leaves it at
that, that's legal.
Now if, in use, the clients get PGP, or RSA, or whatever, ON THEIR OWN, no
matter what country, and configure the product to use it (through the
generic hook), then the clients get PGP security, Quarterdeck exports
a product that can, with third party help, BECOME a highly secure product
and the NSA is left fuming in the corner looking for more ways to indict
Mr. Zimmerman, recent winner of Chrysler's freedom award (or somesuch).
chuck yerkes
Independent Consultant who is not representing a Big Bank.
