This is the last I'm going to say on this topic.  It takes too much energy, and
I have real work to do.

Adam Back wrote:
> Tom Weinstein writes:
>
> But that's not all, I have heard it claimed that most of the browsers
> in existence, inside and outside the US are 40 bit, many of the
> webservers inside and outside are, with the net result that probably
> 90+% of all SSL traffic is encrypted with 40 bit ciphers.

This is because it's so difficult to get a domestic version.  We tried very
hard to get strong crypto out as far as we could, but we drew the line at what
the law allowed.  As a corporation, we had to be careful about stepping over
that line, because we were at the mercy of the government to get export
licenses.  I'm very encouraged by the progress in the Bernstein case, and
whenever we talked to the lawyers, that was always an issue.
 
> I wonder why it never occurred to anyone at Netscape to write their
> crypto outside the US?  (I'd have thought perhaps some of those
> ex-cypherpunk types who we all know are/were working there in roles
> such as the 'Electronic Munitions Specialist' etc. would have been
> familiar with the concept)

As a matter of fact, it did occur to us.  It turned out that there were a lot
of problems with doing it.  It's a lot easier for a company like PGP to do it
because their only product is the one they are giving away.  The same goes for
Sameer.  For a company like Netscape that sells a wide variety of products,
it's a lot harder.

> I mean if Sameer can do it, and Sun Micro can do it, and RSADSI can do
> it why can't Netscape?  Not like Netscape is short of a few bob to
> open an office somewhere.

Sun caught all kinds of hell from the Commerce Department, too.  If you aren't
familiar with this, you should talk to some of the people who were involved. 
Even as it was, we were under a lot of scrutiny for SSLeay and Fortify, which
we had nothing to do with.

> Netscape, and many other US companies *have* been losing money to
> non-US companies *because* the US companies have been putting 'export
> grade crypto into their products'.

I certainly won't argue with this because it's true.  Just because we didn't
fight it the way you might have wanted us to doesn't mean we weren't aware of
the problem.

-- 
What is appropriate for the master is not appropriate| Tom Weinstein
for the novice.  You must understand Tao before      | [EMAIL PROTECTED]
transcending structure.  -- The Tao of Programming   |
