[Top] [All Lists]

Re: Proposed Extensions to TLS for OpenPGP

1998-01-01 20:29:43
You write:
Incidentally, I think this is probably a dangerous course of
action. The EAR <> 7 day review
criteria explicitly state:

  (iv) The software must not allow the alteration of the data 
encryption mechanism and its associated key spaces by the user or 
any other program

It seem that Fortify is a constructive proof that the program
in question violates this criterion. That doesn't mean it's
ineligible for CJ completely but I wouldn't want to try to get
approval for it either.

I'm sure the EAR enforcement folks are well aware of how well or poorly 
various software they approve for export adhere to regulation.  I'll leave it 
to the individual corporations and EAR to soft this out.

The point I was trying to make is that from a practical standpoint
companies like Netscape need change nothing.  Just keep their code
structured the same way and let unrelated 3rd parties "do the dirty
I think we're in violent agreement here, then.


[Eric Rescorla                             Terisa Systems, Inc.]
                "Put it in the top slot."

<Prev in Thread] Current Thread [Next in Thread>