[927] in WWW Security List Archive
Re: What's the netscape problem
daemon@ATHENA.MIT.EDU (Rich Salz)
Sat Sep 23 09:23:04 1995
From: Rich Salz <rsalz@osf.org>
Date: Sat, 23 Sep 1995 06:25:34 -0400
To: owner-www-security@ns2.rutgers.edu, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>So if a product like, say QuarterDeck Mosiac (I'm tired of netscape all
>the time), has a configuration that says use "external public key
>cryptography", and some way to control it's invocation and leaves it at
>that, that's legal.
The real answer is it depends.
If the code is easily modifiable so that you get a strong encryption
system that can encrypt anything a user types, the answer is no.
But a general hook to invoke external programs is hard to outlaw.
It's murky. It's (deliberately?) kept that way by having each export
attempt decided on a case-by-case basis.
/r$
