[643] in cryptography@c2.net mail archive
Re: Netscape cripples French software
daemon@ATHENA.MIT.EDU (Eric Murray)
Tue Apr 29 16:12:35 1997
From: Eric Murray <ericm@lne.com>
To: ben@algroup.co.uk
Date: Tue, 29 Apr 1997 12:42:18 -0700 (PDT)
Cc: tomw@netscape.com, froomkin@law.miami.edu, cryptography@c2.net,
reidenberg@sprynet.com
In-Reply-To: <9704292000.aa15551@gonzo.ben.algroup.co.uk> from "Ben Laurie" at Apr 29, 97 08:00:34 pm

Ben Laurie writes:
>
> Tom Weinstein wrote:
> >
> > What we're actually doing (starting in PR4) is separating out the
> > export crippling from the executable. There will only be one
> > executable (modulo l10n) and it will be configured by a signed policy
> > file. In France, we'll have a policy file that will turn off all
> > encryption, and only allow signing. In the US and Canada, we'll have
> > one that lets you do everything. Everywhere else we'll have the normal
> > export policy.
>
> Gosh! The export laws allow you to do this?

I wonder what the black market in high-grade policy files will be?
Or will you be putting the purchaser's ID in each policy file for
tracking purposes?

How hard did you have to try to obfuscate the high-strength crypto calls
in the binary? Last time I talked to NSA export-control operatives
you had to scramble the names of the function calls. With some time
and a good debugger or decompiler it wouldn't be that hard to find
them and 'flip the switch' to turn on high-grade crypto.... does anything
prevent that?

--
Eric Murray ericm@lne.com Privacy through technology!
Network security and encryption consulting. PGP keyid:E03F65E5