From owner-freebsd-hackers  Mon Oct  6 11:39:03 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id LAA18354
          for hackers-outgoing; Mon, 6 Oct 1997 11:39:03 -0700 (PDT)
          (envelope-from owner-freebsd-hackers)
Received: from ns.mt.sri.com (SRI-56K-FR.mt.net [206.127.65.42])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA18339
          for <hackers@freebsd.org>; Mon, 6 Oct 1997 11:38:54 -0700 (PDT)
          (envelope-from nate@rocky.mt.sri.com)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
	by ns.mt.sri.com (8.8.7/8.8.7) with ESMTP id MAA15232;
	Mon, 6 Oct 1997 12:35:52 -0600 (MDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id MAA01035; Mon, 6 Oct 1997 12:35:52 -0600 (MDT)
Date: Mon, 6 Oct 1997 12:35:52 -0600 (MDT)
Message-Id: <199710061835.MAA01035@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Amancio Hasty <hasty@rah.star-gate.com>
Cc: patl@phoenix.volant.org, Terry Lambert <tlambert@primenet.com>,
        Bradley Dunn <bradley@dunn.org>, scrappy@hub.org, hackers@freebsd.org
Subject: Re: Netscape 4.03b8 and Encryption: 
In-Reply-To: <199710061751.KAA14072@rah.star-gate.com>
References: <199710061751.KAA14072@rah.star-gate.com>
X-Mailer: VM 6.29 under 19.15 XEmacs Lucid
Sender: owner-freebsd-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> 
> >From The Desk Of patl@phoenix.volant.org :
> > > Better yet, ask them to make encryption pluggable, and ask them for sample
> > > code for a 40 bit encryption, and make a 128 bit module for yourself.
> > > 
> > > If you can get someone in S.A. (or elsewhere) to do it, then NetScape
> > > can work around the export restrictions (and Microsoft can't).  This
> > > should be very desirable for them, actually.
> > 
> > Great idea; but I believe that the export restrictions prohibit
> > pluggable cryptography.
> > 
>
> Nope.

If you want to make sure you don't get in trouble, the answer is *yep*.
They don't want the end-user to be able to 'skirt' around the issue by
using 3rd party software developed out of the country.  However, if you
can provide a way of doing that isn't *only* for crytography you might
get away with it.

(I'm not a lawyer, but I have to act like one at work b/c we're doing
stuff overseas...)





Nate