At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
The Deviant wrote:
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
MIT reportedly has a letter stating that their systems is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy.
That still doesn't make since. First, there were laws. And we had to obey them. Then, they added ITAR. And they want us to obey it. Finally, it seems, they're giving us "guidelines." Not law, Not ITAR. Next it's gonna be their their fondest desires, their preferences,and finally their whims. What's wrong with this picture? Do I detect an ass-kissing contest? You should have told them that if they're "evaluating their guidelines" that means that NO future modifications to those guidelines is binding on you, since it is not part of ITAR and is CERTAINLY not part of the law. You should have memorialized the contact with a lawyer's letter, and promptly posted the new version of your software with whatever version of the precautions (MIT, RSA, or?) you felt most happy with. Jim Bell jimbell@pacifier.com
jim bell wrote:
At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
The Deviant wrote:
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
MIT reportedly has a letter stating that their systems is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy.
That still doesn't make since.
First, there were laws. And we had to obey them.
Then, they added ITAR. And they want us to obey it.
Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
Next it's gonna be their their fondest desires, their preferences,and finally their whims.
What's wrong with this picture? Do I detect an ass-kissing contest?
If we chose to "kiss ass", we would not be distributing software that does strong encryption over the internet. We would not be selling millions of copies in thousands of retail outlets across the country. We would be doing what some other companies have been doing for years, which is only produce export grade crypto, even for US customers. The simple fact is that our executives decided not to provide our US software for download over the internet until we got a written statement from the Office of Defense Trade Controls that we would not be prosecuted for such actions. This decision was made by our executives based on advice given them by lawyers that they trust. The requirements imposed by the government were to get this written statement. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
Jeff Weinstein writes:
The simple fact is that our executives decided not to provide our US software for download over the internet until we got a written statement from the Office of Defense Trade Controls that we would not be prosecuted for such actions. This decision was made by our executives based on advice given them by lawyers that they trust. The requirements imposed by the government were to get this written statement.
Would people quit harassing Netscape? I don't like many things that Netscape does (SSL instead of SHTTP, etc., private HTML extensions, etc) but they are at least providing decent security, and by my lights they are under no moral obligation to martyr themselves. There is no moral obligation to sacrifice ones self for others. If they choose not to break the law so that they can continue to do their work and not go to jail, that is their choice. We have no cause to harass them for failing to put up their own cross. Indeed, some people here seem to want them not just to build the cross but nail themselves to it. Thats asking a bit much by my wa of thinking. Leave 'em alone. I'm happy that I can now transfer web pages over 128 bit RC4. I'd prefer to have the pages themselves protected and signed a la SHTTP, but thats a subtle technical consideration. Their hearts are in the right place. Perry
-----BEGIN PGP SIGNED MESSAGE----- hOn Wed, 24 Jul 1996, jim bell wrote:
Date: Wed, 24 Jul 1996 20:16:52 -0800 From: jim bell <jimbell@pacifier.com> To: Tom Weinstein <tomw@netscape.com>, The Deviant <deviant@pooh-corner.com> Cc: cypherpunks@toad.com Subject: Re: Netscape
At 06:39 PM 7/24/96 -0700, Tom Weinstein wrote:
The Deviant wrote:
I would have suggested even being as nice as "We'll do the same as MIT does with PGP's distrobution, or RSA does with RSAREF (just so you'll know, RSA's FTP basicly has a readme file that says "the files in subdir of a dir thats -r+x to you, so if you're a citizen go to dist/usaRANDOM_NUMBER_HERE", thats it). Then make them explain why Netscape should be any different.
MIT reportedly has a letter stating that their systems is okay. The state department wouldn't give us such a letter because they were "currently reevaluating their guidelines", or some such thing. We convinced them to give us temporary permission for this system until they had finalized their new policy.
That still doesn't make since.
First, there were laws. And we had to obey them.
Then, they added ITAR. And they want us to obey it.
Finally, it seems, they're giving us "guidelines." Not law, Not ITAR.
Next it's gonna be their their fondest desires, their preferences,and finally their whims.
What's wrong with this picture? Do I detect an ass-kissing contest?
Yup.. thats it. And they said I was an idiot when I [Correctly] said that Netscape wasn't activly fighting the ITAR.
You should have told them that if they're "evaluating their guidelines" that means that NO future modifications to those guidelines is binding on you, since it is not part of ITAR and is CERTAINLY not part of the law. You should have memorialized the contact with a lawyer's letter, and promptly posted the new version of your software with whatever version of the precautions (MIT, RSA, or?) you felt most happy with.
Or even better... Lets look at this version... lets say I get my internet service from MCI. Now lets say I put crypto on my web page. When somebody from out of the country visits my web page, and downloads it, who's exporting it? Them, MCI, or me? I'd say they are, and I doubt ITAR covers this... this is one of those things thats covered in "guidelines". ;) umm.... Smooch Smooch? --Deviant Unix is the worst operating system; except for all others. -- Berry Kercheval -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMferwjAJap8fyDMVAQHyMgf9EiBGYs+ZKyZ9Bq+PK8rsAbbXAzlrk0Zl AfWnnmwiRFZjK6KwNcxqmoCtSYqu2a0V6tuDzcwwHpU/buu5GD7NBa+2BjD9FqlM zF1nd72HKfBo8o8+ZZRyCzk+6z8vRdVp+MxTEdlyc6cHKZjih4uTGAK5GLBWaJgs O+58WvtYWYU1r8F+OBlhNvxCkiiKRSROKO/fByX6eSf/u/J+jY5zsO/Ul+zYLvPM ATQGLwWa4Sxvszkdqh2RcCCK7qoIeMPQ68B6pvB0nI4/suQLrTe6SHCP6kLCKT71 Cn40OmbWE7IEDaIalb7jCKMwgJB2Ut7zgWHhIMmnJVBiq8elnbRXvg== =hR/j -----END PGP SIGNATURE-----
participants (4)
-
Jeff Weinstein -
jim bell -
Perry E. Metzger -
The Deviant