In article <199509201648.MAA14624@panix.com>, frissell@panix.com (Duncan Frissell) writes:
Updating Customers: Netscape will provide the fix for Export (40 bit) versions of Netscape Navigator later this week for downloading by customers on the Internet. Similarly, the Commerce Server patch for Export versions (40 bit) will be made available from our home page. Because downloading of 128 bit versions of the software . >is still not permitted by U.S. law, U.S. customers of Netscape Navigator, Netscape Navigator Personal Edition and Netscape Commerce Server using 128 bit versions can request the replacement from Netscape for delivery through the regular mail.
Funny, MIT and MPJ and others manage to enable the downloading of export-controlled software. Also, wasn't there some sort of promise by Netscape after we broke the 40-bit version to make the 128-bit version available to US users under the Beta/freeware system? What happened to that plan?
We are also examining some sort of binary patch technology, so that folks with the US-only version can easily download and apply the patch. I think that the general opinion of engineers and management here at Netscape is that it would be A Really Good Thing to have our US-only 128+ bit version of Netscape Navigator available for download by US citizens and others who are not legally prohibited from using it. As a matter of fact, up until the RNG thing hit on sunday night, I had been making myself a major pain in the ass to netscape managers and executive, bugging them every day for at least the past several weeks, to get a decision about making the US version available for free download. I know that MIT, RSA, and others make crypto code available for download with various mechanism. I'm sure that these institutions did not make the decision lightly. This issue is now a very high priority for our lawyers, but it will take some time for them to reach a legal opinion about Netscape's legal exposure. The fact that MIT and RSA have done it does not mean that the government will not go after Netscape for similar behavior. We all know what a juicy target Netscape is these days... :-) We have submitted our proposal for download checking to the State Dept. I think that our process does more validation than what others have done. The State Dept. has so far refused to send us any kind of written approval of our proposed methods. I know that many of you think that this is futile, and I won't dispute that, but I think we do have to make the effort in order for our case to hold up later. We do share your frustration at being forced to use weak crypto. This has been a major pain for us, but I believe that we are committed to continuing to produce a version with strong crypto (as long as it remains legal - sigh). I for one will always fight to ensure that we have a version of our Navigator that supports "strong" crypto, and to make that version easily and widely available. The governments attempts to get companies to produce watered down versions for the US because it is easier will not succeed here as long as I have any say in the matter. Also, the company has taken a vocal public position against the current ITAR restrictions and any sort of mandatory or government controlled key escrow. We are working on it. Please try to be patient. It is just as hard for us as it is for you... --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.