1. Will there be pressures put on the browser companies (Netscape, Microsoft, etc.) and the e-mail companies (Qualcomm, Microsoft, Claris, Lotus, etc.) to produce a "world version" that meets export standards with a single shrink-wrapped package?
Qualcomm has elected not to directly support PGP in the past, and it would appear that NSA & State have broadly construed the ITAR sections on crypto capability to mean that apps which can plug in crypto modules are themselves not exportable (cf. Kerberos bones and the whole rationale behind the MS CryptoAPI.) However, Eudora 3.0 includes a plugin architecture for translators. These translators can be used in a variety of ways, including for message compression, foreign-language translation, and signatures. In fact, one of the sample "translators" provided provides a "sign with PGP" icon in the message composition window. Click it, put in your passphrase, and off you go-- much easier than any of the existing solutions. The plugin technology is such that it would be easy to write signature & encryption plugins to use your choice of technology: Fortezza, Entrust, PGP, IPG, or whatever. In fact, you might see Fortezza and Entrust plugins later this summer :) Several 'punks have speculated in the past about whether a general-purpose plugin architecture that could be used for crypto would subject the product to ITAR. Since I very seriously doubt Qualcomm would design & ship this capability without finding out whether such an architecture would render their product unexportable, my assumption is that (at least for now) there is no world version requirement-- but vendors still have to face the hassles of keeping, selling, and maintaining two separate versions. Ask Netscape how much fun _that_ is. -Paul -- Paul Robichaux LJL Enterprises, Inc. paul@ljl.com Be a cryptography user. Ask me how.