[Top] [All Lists]

Re: Proposed Extensions to TLS for OpenPGP

1998-01-01 13:24:45
At 7:00 PM -0800 12/31/97, EKR wrote:
In message <v03102805b0d08d63c7cc(_at_)[208(_dot_)129(_dot_)55(_dot_)202]>, 
Steve Schear writes:
How about funding programs such as Fortify, which patch browsers to enable 
-bit SSL with all willing servers (whether or not they have supercerts)?
That seems like a fine plan, but it doesn't really speak to what
Netscape ships as a Netscape product, does it?

 Sure it does. (Hello, are you listening?) Fortify modifies the
currently shipping, currently export approved
Navigator/Communicator, allowing users anywhere to use its 128-bit
SSL whenever they connect with a 128-bit capable SSL server (say a
cypherpunk server at XS4all in the Netherlands).  Normally, 128-bit
SSL is only enabled when these browsers connect with an SSL server
which has a "supercert" issued with U.S. gov't approval (mostly to
U.S. banks).
 So strong crypto is now available, via an easily applied patch, to
the most widely used export approved product.
Sorry I wasn't clear. The point I was trying to make was
that Netscape would still have to ship their export products, no?
Otherwise Fortify doesn't work, right? That said, there will be
a lot of people who don't bother to upgrade (just like there
are a lot of Americans who don't bother to get the domestic
Netscape.) Consequently, we've still got a lot of export
SSL implementations floating around. Does that seem like a 
reasonable assessment of the situation to you?

Incidentally, I think this is probably a dangerous course of
action. The EAR <> 7 day review
criteria explicitly state:

   (iv) The software must not allow the alteration of the data 
encryption mechanism and its associated key spaces by the user or 
any other program

It seem that Fortify is a constructive proof that the program
in question violates this criterion. That doesn't mean it's
ineligible for CJ completely but I wouldn't want to try to get
approval for it either.

[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."

<Prev in Thread] Current Thread [Next in Thread>