-----BEGIN PGP SIGNED MESSAGE----- hOn Wed, 24 Jul 1996, jim bell wrote:
Date: Wed, 24 Jul 1996 20:16:52 -0800 From: jim bell <jimbell@pacifier.com> To: Tom Weinstein <tomw@netscape.com>, The Deviant <deviant@pooh-corner.com> Cc: cypherpunks@toad.com Subject: Re: Netscape
At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
The Deviant wrote:
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
MIT reportedly has a letter stating that their systems is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy.
That still doesn't make since.
First, there were laws. And we had to obey them.
Then, they added ITAR. And they want us to obey it.
Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
Next it's gonna be their their fondest desires, their preferences,and finally their whims.
What's wrong with this picture? Do I detect an ass-kissing contest?
Yup.. thats it. And they said I was an idiot when I [Correctly] said that Netscape wasn't activly fighting the ITAR.
You should have told them that if they're "evaluating their guidelines" that means that NO future modifications to those guidelines is binding on you, since it is not part of ITAR and is CERTAINLY not part of the law. You should have memorialized the contact with a lawyer's letter, and promptly posted the new version of your software with whatever version of the precautions (MIT, RSA, or?) you felt most happy with.
Or even better... Lets look at this version... lets say I get my internet service from MCI. Now lets say I put crypto on my web page. When somebody from out of the country visits my web page, and downloads it, who's exporting it? Them, MCI, or me? I'd say they are, and I doubt ITAR covers this... this is one of those things thats covered in "guidelines". ;) umm.... Smooch Smooch? --Deviant Unix is the worst operating system; except for all others. -- Berry Kercheval -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMferwjAJap8fyDMVAQHyMgf9EiBGYs+ZKyZ9Bq+PK8rsAbbXAzlrk0Zl AfWnnmwiRFZjK6KwNcxqmoCtSYqu2a0V6tuDzcwwHpU/buu5GD7NBa+2BjD9FqlM zF1nd72HKfBo8o8+ZZRyCzk+6z8vRdVp+MxTEdlyc6cHKZjih4uTGAK5GLBWaJgs O+58WvtYWYU1r8F+OBlhNvxCkiiKRSROKO/fByX6eSf/u/J+jY5zsO/Ul+zYLvPM ATQGLwWa4Sxvszkdqh2RcCCK7qoIeMPQ68B6pvB0nI4/suQLrTe6SHCP6kLCKT71 Cn40OmbWE7IEDaIalb7jCKMwgJB2Ut7zgWHhIMmnJVBiq8elnbRXvg== =hR/j -----END PGP SIGNATURE-----