[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proposed Extensions to TLS for OpenPGP

To: EKR <ekr@xxxxxxxxxx>
Subject: Re: Proposed Extensions to TLS for OpenPGP
From: Steve Schear <schear@xxxxxxxx>
Date: Thu, 1 Jan 1998 21:02:16 -0800
Cc: ietf-tls@xxxxxxxxxxxxx, ietf-open-pgp@xxxxxxx
In-reply-to: <>
References: Your message of "Thu, 01 Jan 1998 17:40:52 PST." <>
Sender: owner-ietf-open-pgp@xxxxxxx

At 7:34 PM -0800 1/1/98, EKR wrote:
>You write:
>> >Incidentally, I think this is probably a dangerous course of
>> >action. The EAR <http://www.bxa.doc.gov/supp6.htm> 7 day review
>> >criteria explicitly state:
>> >
>> >   (iv) The software must not allow the alteration of the data 
>> >encryption mechanism and its associated key spaces by the user or 
>> >any other program
>> >
>> >It seem that Fortify is a constructive proof that the program
>> >in question violates this criterion. That doesn't mean it's
>> >ineligible for CJ completely but I wouldn't want to try to get
>> >approval for it either.
>> 
>> I'm sure the EAR enforcement folks are well aware of how well or poorly various software they approve for export adhere to regulation.  I'll leave it to the individual corporations and EAR to soft this out.
>> 
>> The point I was trying to make is that from a practical standpoint
>> companies like Netscape need change nothing.  Just keep their code
>> structured the same way and let unrelated 3rd parties "do the dirty
>> work." 
>I think we're in violent agreement here, then.

Some companies have a strong idiological calling and need to follow that star (i.e., PGP).  Others are spineless jellyfish who go along to get along, hoping that this path will keep them in the good graces of the Dept. of Commerce.  Many fall somewhere in between.  

I don't see Netscape playing the martyr or using PGP/C2's legal guerilla tactics to enbable strong crypto systems and applications, it's just not their style.  They do seem to be, however, keenly aware of the PR associated with championing reliable transaction privacy and the adverse PR from being hacked (especially from weak crypto).  Keeping their products hackable, perhaps even anonymously supporting those doing the hacking, while staying within the letter of the law and publicly and privately pressuring for true crypto reform might be their best course.

For many, including myself, guerilla tactics are more attractive due to economic factors.  Also, I have less to lose.

--Steve

PGP mail preferred, see  	http://www.pgp.com and
				http://web.mit.edu/network/pgp.html

RSA fingerprint: FE90 1A95 9DEA 8D61  812E CCA9 A44A FBA9
RSA key: http://keys.pgp.com:11371/pks/lookup?op=index&search=0x55C78B0D
---------------------------------------------------------------------
Steve Schear              | tel: (702) 658-2654
CEO                       | fax: (702) 658-2673
First ECache Corporation  |
7075 West Gowan Road      |
Suite 2148                |
Las Vegas, NV 89129       | Internet: schear@xxxxxxxx
---------------------------------------------------------------------

	I know not what course others may take; but as for me, 
	give me ECache or give me debt!

	"It's your Cache"

References:
- Re: Proposed Extensions to TLS for OpenPGP
  - From: Steve Schear
- Re: Proposed Extensions to TLS for OpenPGP
  - From: EKR

Prev by Date: Re: Proposed Extensions to TLS for OpenPGP
Next by Date: Re: Proposed Extensions to TLS for OpenPGP
Previous by thread: Re: Proposed Extensions to TLS for OpenPGP
Next by thread: Re: Proposed Extensions to TLS for OpenPGP
Index(es):
- Date
- Thread