On Thu, 17 Jul 1997, Michael Froomkin - U.Miami School of Law wrote:
I think it tells us that Verisign managed to convince the government that their product is only used for authentication, not encrypting content. Which appears currently to be true, no? And since AFIK (Please, someone, correct this if I'm wrong!) you can't with netscape anyway download another party's key that you verify with a Verisign certificate, it would take a fair amount of work for the ordinary user to set up a secure channel using the current Verisign infrastructure.
True, the certs themselves are not covered by the export controls. But we aren't talking about export law. We are talking about a four way contract between Netscape, Microsoft, VeriSign, and the US government. Under that contract: o VeriSign will only issue Global ID certs to US companies with all their servers located in the US and overseas banks with servers abroad that play by the USG's rules. Once the USG no longer approves of the participants using strong crypto with their customers, VeriSign will revoke the cert, disabling secure communications, and thereby severely damaging, if not destroying, the business of the party unfortunate enough to have relied on such a cert for their livelyhood. o Netscape and Microsoft get a blanket approval to ship their servers to non-US banks that meet the USG's criteria. o Netscape and Microsoft also receive approval to export browsers that can use strong crypto *exclusively* with sites the USG and VeriSign approve of. o The USG no longer has to waste time handling export applications it doesn't mind approving anyway, such as those for US-friendly foreign banks. And the USG no longer has to listen to US companies complain because they are unable to provide their non-US customers with secure access to the sever located in the US. Lastly, and most importantly, every purchaser of a VeriSign Global ID cert allows the USG and VeriSign to install a MASTER-OFF switch in the heart of their business. I feel sorry for the poor suckers that will lose home and hearth after subscribing to this fatally flawed solution. --Lucky