ietf-smime
[Top] [All Lists]

S/MIME Export and the IETF

1997-04-21 09:34:54
"The IETF has to get out of two businesses: (1) worrying about the market
share of a few U.S. software companies and (2) interpreting U.S. export
control laws.  

With a strong-encyption S/MIME standard, U.S. developers will support
S/MIME (strong) based upon a new IETF standard and international software
developers will support the S/MIME (strong) based upon the same standard.
On overseas versions, U.S. software companies can ship US/MIME (40-bit).  
If they're worried about losing market share, then they can build their 
client software with a universal API (or better yet, publish the source 
code) so that strong and weak crypto can both be supported.  Thus, when 
you export the program with US/MIME only, overseas developers could 
develop and integrate code based on the strong S/MIME.

So, you're so certain this would be non-exportable???  Why should the IETF
be in the business of determining what's exportable?  As someone here said,
large U.S. corporations routinely get permission to export 128-bit
encyption.  U.S. companies can develop their own strong encyrption plug-ins
to U.S. software company's client software and get permission to export
strong encyption with no sweat.  The Internet users are solving real
intellectual property and trade secret problems and the U.S. government is
fully cooperating with them.  They could care less about the market share
problems of U.S. software companies, who by the way, exist by virtue of
these Internet users.  Does the the IETF exist to solve the legal problems
of a few U.S. software companies or are they trying to solve real problems
that Internet users face every day???

The only course for the IETF is to just do what's technologically sound and
let innovation and the marketplace take its course.  Savvy U.S. software
developers will build API's to their client software (or just distribute
their source code, as any good cryptographic software should) and they and
their legal advisers, not you or the IETF, will make the decision as to
what's exportable.  By requiring a proprietary algorithm or code, the IETF
is in the business of enforcing export control laws AS THOSE LAWS ARE
INTERPRETED BY THE OWNER OF THE PROPRIETATY ALGORITYHM OR CODE.  It's about
time this stops.  Let's reflect upon the charter of the IETF and, if we
remember that we're here for the end users and customers, we'll make the
right decisions."

Bob Kohn, VP Business Dev. PGP, Inc.
kohn(_at_)pgp(_dot_)com



<Prev in Thread] Current Thread [Next in Thread>