"Hackers"-- brief review and anecdote...

[Rich Salz]

>> If it wasn't for ITAR the Net would already have secure encryption and
>> authentication, and most such hacker attacks would be impossible (or at 
>> least impractical).

>The non-responsive answer is stricken from the record.  :-)
>You mean "secure" as Netscape was secure from sameer et al.?

I don't think it's non-response, I just think you don't understand
yhour expert witness.

If not for the ITAR then I could distribute my secure applications
as a binary library with the security part as source.  When you
got Netscape you'd read the security code or ask local experts to
do so.  You'd verify that the code was correct (or at least not
stupid).  You'd then compile the security code and link it against the
main object module and away you'd go.  If you didn't have a C compiler,
you'd get a binary from someone you trusted.

Of course, all this would be going on in parallel at thousands of sites
around the world.  Everyone looking at the code, finding holes, reporting
them, fixing security bugs, and so on.

But ITAR won't let you do that.

Or netscape would just make calls to the common open multiple-crypto
API that existed in a shared library in your machine.

But apparently the ITAR won't even let you do this.
	/r$