On Thu, 3 Oct 2002, Stephen Sprunk wrote:
Thus spake "Ralph Doncaster" <ralph@istop.com>
That's basically all Netscape & Microsoft were doing when they had to restrict 128-bit SSL. They threw in the requirement to enter your address & phone number, but they had no way of telling if you were entering your address, or the one you got from doing a four11.com lookup of John Smith in Plano, Tx.
The new crypto regulations allow shrink-wrapped software to be exported if the receiver claims to be authorized; there is no legal requirement on the exporter to actually verify this status...
One of my clients is a large computer security software company. According to them, it's not just crypto export rules that are the concern, but also the ITAR countries (N. Korea, Lybia, Cuba, ...). As well they are concerned about liabilities in countries like France where it is illegal to import crypto so they want to restrict people from France too. -Ralph