Jonathan Wilson wrote: > I know about the crypto FAQ & have read it. > My question is this: > Given that, in light of the recent attacks, the US government is likely > to take the knee-jerk reaction and restrict crypto in some way, how will > the mozilla project handle this?
My apologies for the delay in responding; what follows are my personal opinions: IMO it's premature to speculate in the absence of any announced changes to the existing US encryption export regulations. Such changes might range from the relatively minimal (e.g., requiring domain name checking on open source crypto downloads from US-based servers) to the draconian (e.g., outlawing the use or export of crypto software without mandated "back doors"), and given that it's impossible to formulate a simple answer to a question like "how will the Mozilla project handle this?". There are only two things I can be pretty sure of: First, whatever the changes (if any) turn out to be, US-based organizations involved with Mozilla will comply with whatever the new laws and regulations turn out to be, even if in practice that means getting out of the business of developing and distributing open source crypto software. Individual crypto developers are of course free to quietly ignore more restrictive laws and regulations, or even to engage in highly visible civil disobedience; however US-based corporations involved in crypto development can't afford to do this, given the legal risk they'd bring upon themselves. (In this connection, note that most mozilla.org staff are US-based employees of US-based corporations, and the key Mozilla servers are US-based. So "mozilla.org" in that sense is going to be constrained by US laws and regulations.) Second, the current Mozilla crypto source code is already available on non-US download sites, and neither the US government nor anyone else has the legal power or technical capability to get it back. (I'm not a CVS expert, so I can't comment on the technical difficulty of setting up a full writable copy of the current Mozilla CVS repository, or at least the crypto part of it.) Frank -- Frank Hecker [EMAIL PROTECTED]
