From owner-freebsd-hackers  Mon Oct  6 12:28:00 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA21525
          for hackers-outgoing; Mon, 6 Oct 1997 12:28:00 -0700 (PDT)
          (envelope-from owner-freebsd-hackers)
Received: from rah.star-gate.com (rah.star-gate.com [204.188.121.18])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA21514
          for <hackers@freebsd.org>; Mon, 6 Oct 1997 12:27:55 -0700 (PDT)
          (envelope-from hasty@rah.star-gate.com)
Received: from rah.star-gate.com (localhost.star-gate.com [127.0.0.1])
	by rah.star-gate.com (8.8.7/8.8.5) with ESMTP id MAA14651;
	Mon, 6 Oct 1997 12:27:16 -0700 (PDT)
Message-Id: <199710061927.MAA14651@rah.star-gate.com>
To: Nate Williams <nate@mt.sri.com>
cc: patl@phoenix.volant.org, Terry Lambert <tlambert@primenet.com>,
        Bradley Dunn <bradley@dunn.org>, scrappy@hub.org, hackers@freebsd.org
Subject: Re: Netscape 4.03b8 and Encryption: 
In-reply-to: Your message of "Mon, 06 Oct 1997 12:35:52 MDT."
             <199710061835.MAA01035@rocky.mt.sri.com> 
Date: Mon, 06 Oct 1997 12:27:16 -0700
From: Amancio Hasty <hasty@rah.star-gate.com>
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Usual disclaimer with respect to this issue: I am not a lawyer.

Currently, my day job involves network security for a very 
big firm and yes we have to deal with export issues.

	Amancio
>From The Desk Of Nate Williams :
> > 
> > >From The Desk Of patl@phoenix.volant.org :
> > > > Better yet, ask them to make encryption pluggable, and ask them for sample
> > > > code for a 40 bit encryption, and make a 128 bit module for yourself.
> > > > 
> > > > If you can get someone in S.A. (or elsewhere) to do it, then NetScape
> > > > can work around the export restrictions (and Microsoft can't).  This
> > > > should be very desirable for them, actually.
> > > 
> > > Great idea; but I believe that the export restrictions prohibit
> > > pluggable cryptography.
> > > 
> >
> > Nope.
> 
> If you want to make sure you don't get in trouble, the answer is *yep*.
> They don't want the end-user to be able to 'skirt' around the issue by
> using 3rd party software developed out of the country.  However, if you
> can provide a way of doing that isn't *only* for crytography you might
> get away with it.
> 
> (I'm not a lawyer, but I have to act like one at work b/c we're doing
> stuff overseas...)
> 
> 
> 
> 
> 
> Nate