At 07:00 PM 7/23/96 +0000, The Deviant wrote:
On Mon, 22 Jul 1996, Tom Weinstein wrote:
Also, notice the simple verification system MIT was allowed to use, and the complex one we're required to use.
I'm curious, exactly whop is it that _required_ you to use that system.?
Excellent point. There's a difference (or, at least, there had BETTER BE a difference!) between following the laws and "doing everything the government wants, exactly the way it wants." It would be interesting to see the specific explanation which was given Netscape as to why they were required (if, indeed, they were required...) to use a specific system. It seems to me that a far more productive stance by Netscape would have been to say to the State Department, "We're going to put this software on the 'net. We're happy to put in any precautions which are SPECIFICALLY required under law and/or ITAR. However, we insist that you document the fact that they are required, with full and complete legal explanations for your assertions. Moreover, we insist that you explain why this position is consistent with MIT's posting of PGP." At the very least, this would have set the government's position WRT ITAR in stone, Part of the reason the governemnt has gotten so much 'mileage' out of ITAR is the fact that they morph it to do whatever they want, whenever they want. The best way to fight this is to tie down their position. Jim Bell jimbell@pacifier.com
-----BEGIN PGP SIGNED MESSAGE----- On Wed, 24 Jul 1996, jim bell wrote:
Date: Wed, 24 Jul 1996 10:52:01 -0800 From: jim bell <jimbell@pacifier.com> To: The Deviant <deviant@pooh-corner.com>, Tom Weinstein <tomw@netscape.com> Cc: cypherpunks@toad.com Subject: Re: Netscape
At 07:00 PM 7/23/96 +0000, The Deviant wrote:
On Mon, 22 Jul 1996, Tom Weinstein wrote:
Also, notice the simple verification system MIT was allowed to use, and the complex one we're required to use.
I'm curious, exactly whop is it that _required_ you to use that system.?
Damn I can't type at that hour.
Excellent point. There's a difference (or, at least, there had BETTER BE a difference!) between following the laws and "doing everything the government wants, exactly the way it wants." It would be interesting to see the specific explanation which was given Netscape as to why they were required (if, indeed, they were required...) to use a specific system.
Something which we are still waiting for...
It seems to me that a far more productive stance by Netscape would have been to say to the State Department, "We're going to put this software on the 'net. We're happy to put in any precautions which are SPECIFICALLY required under law and/or ITAR. However, we insist that you document the fact that they are required, with full and complete legal explanations for your assertions. Moreover, we insist that you explain why this position is consistent with MIT's posting of PGP."
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
At the very least, this would have set the government's position WRT ITAR in stone, Part of the reason the governemnt has gotten so much 'mileage' out of ITAR is the fact that they morph it to do whatever they want, whenever they want. The best way to fight this is to tie down their position.
Something which has to be done sometime, sooner preferably. --Deviant Talking much about oneself can also be a means to conceal oneself. -- Friedrich Nietzsche -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMfZthDAJap8fyDMVAQFAnwf9EM7i0HecB4+m7E0Rlz0tbogkVhcdqCoe to1tiW7hz0kyBCeONoAnvJaT0fCGc/R8d7M4G6ZeCsGdb+VY21NbgmKIzhhsCqW5 rnEb0KXQkKGvXiQzZXfBS0kHylO+4to+hSYCQTLyIZZPKLifZvQerZHfGvU3Auos dLk+k1l0kZnoxrzyJDD0hcaAp8Td90J2pbrTr8bgNhqNGozLTuV0QWEnqY5ygWd7 IkTrQppoSJ6zLDMvw52ckDMJCeDsik/Vuh24cqCN9/ztgiol5m1Dq+YYk+48XP3D En+xhgWz0ujttkcY1N5I5HK7QWK17g+LWL/eNfVsxXRTIQkrkKZPuA== =IlTW -----END PGP SIGNATURE-----
The Deviant wrote:
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
MIT reportedly has a letter stating that their systems is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy. -- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
At 11:37 AM -0700 7/24/96, The Deviant wrote:
(just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
I don't KNOW, but a reasonable speculation is because Netscape is a complete operating package and RSAREF is a set of subroutines or (in the case of MIT PGP, a pre/post processor). If, as I have often speculated, the objective is to keep mass market software with strong crypto out of foreign hands (and Netscape certainly qualifies given the number of copies out there), then one would expect more stringent rules for it, the Microsoft browser (when IT gets strong crypto), Lotus Notes, etc. David
participants (4)
-
David Sternlight -
jim bell -
The Deviant -
Tom Weinstein