At 6:44 PM 11/17/96 -0800, Lucky Green wrote:
I have a hard time believing that Netscape caved. As I wrote in July, HP was working on selling our children's birthright to obtain an export license for their product. But Netscape participating in this just doesn't sound right.
I agree about Netscape. IMHO they started with their hearts in the right place, but with a naive lack of experience in real-world security. Since their hearts are in the right place, and they have good people, they have improved a LOT in the last year.
Since I am inherently optimistic, one ray of light may be that the San Jose Mercury News was mentioning the ability to export the system, and then when the necessary licenses (US and foreign) were obtained, turn on the encryption. I guess from this that the encryption is in hardware. Now, software/hardware interfaces are usually fairly simple, so what we have here is a software system with a crypto hook.
One possibility is that all crypto is done in hardware. The recent announcements by many hardware manufacturers that smartcard readers will be included in all their products (MS will put them into their keyboards) might get the necessary infrastructure deployed.
I was assuming that you would interface software crypto where the hardware crypto goes. The best way to hack this will depend on the specific implementation. (At the same time you are gronking* the software calls to the hardware, you can gronk the signature checking code.) * gronk v.t. To hit over the head with a club. From Johnny Hart's cartoon, B.C. ------------------------------------------------------------------------- Bill Frantz | The lottery is a tax on | Periwinkle -- Consulting (408)356-8506 | those who can't do math. | 16345 Englewood Ave. frantz@netcom.com | - Who 1st said this? | Los Gatos, CA 95032, USA