Re: Proposed Extensions to TLS for OpenPGP

[Steve Schear <schear@xxxxxxxx>]

At 7:00 PM -0800 12/31/97, EKR wrote:
>In message <>, Steve Schear writes:
>>At 2:25 PM -0800 12/31/97, EKR wrote:
>>>Will Price <wprice@xxxxxxx> writes:
>>>> At 11:15 PM -0800 12/30/97, Eric Rescorla wrote:
>>
>>[big snip]
>>>Try to solve the following two examples:
>>>Netscape and Microsoft. Netscape has downloads off their web site.
>>>They want them to be easy. That means that the user can just
>>>point and click. That means the crypto must be exportable or none
>>>at all. Which do you suggest?
>>>Next consider Microsoft. They embed their browser in the OS (at
>>>least for now.). They want to ship that to foreigners. Again,
>>>the crypto has to be exportable or nonexistent. Which do you
>>>suggest?
>>>
>>>So, what do you suggest these companies do?
>>
>>How about funding programs such as Fortify, which patch browsers to enable 128
>>-bit SSL with all willing servers (whether or not they have supercerts)?
>That seems like a fine plan, but it doesn't really speak to what
>Netscape ships as a Netscape product, does it?
>
>-Ekr

Sure it does. (Hello, are you listening?) Fortify modifies the currently shipping, currently export approved Navigator/Communicator, allowing users anywhere to use its 128-bit SSL whenever they connect with a 128-bit capable SSL server (say a cypherpunk server at XS4all in the Netherlands).  Normally, 128-bit SSL is only enabled when these browsers connect with an SSL server which has a "supercert" issued with U.S. gov't approval (mostly to U.S. banks).

So strong crypto is now available, via an easily applied patch, to the most widely used export approved product.

--Steve