[646] in cryptography@c2.net mail archive

Re: Netscape cripples French software

daemon@ATHENA.MIT.EDU (Tom Weinstein)
Tue Apr 29 18:43:50 1997

Date: Tue, 29 Apr 1997 15:28:46 -0700
From: Tom Weinstein <tomw@netscape.com>
To: Eric Murray <ericm@lne.com>
CC: ben@algroup.co.uk, froomkin@law.miami.edu, cryptography@c2.net,
        reidenberg@sprynet.com

Eric Murray wrote:
> 

[ explanation of policy files snipped ]

> I wonder what the black market in high-grade policy files will be?
> 
> Or will you be putting the purchaser's ID in each
> policy file for tracking purposes?

The policy files are export (and import) controlled, just like the
executable is.  We've also put some (admittedly fairly weak) checks in
to try to prevent people from using the "wrong" policy file.  With a
little thought, I'm sure you can figure out what they are.

> How hard did you have to try to obfuscate the high-strength crypto
> calls in the binary?  Last time I talked to NSA export-control
> operatives you had to scramble the names of the function calls.  With
> some time and a good debugger or decompiler it wouldn't be that hard
> to find them and 'flip the switch' to turn on high-grade crypto....
> does anything prevent that?

Doesn't C++ already do this? :-)
(actually, all our crypto code is ANSI C, not that anyone cares)

We don't obfuscate them at all.  If you can hack the binary, you can
call them.  It's not like the NSA doesn't know that strong crypto exists
overseas.  They're just trying to prevent everyone from using it.

It's still not quite as easy as flipping a few bits to turn on strong
crypto.

-- 
You should only break rules of style if you can    | Tom Weinstein
coherently explain what you gain by so doing.      | tomw@netscape.com
