RE: [rc5] Netscape 128bits

Darrell Kindred (dkindred@cmu.edu)
Tue, 24 Jun 1997 19:52:00 -0400


Joe Robins writes:
> >From my reading of this information, Netscape has only been granted
> >export to _banks_ worldwide, not customers in general. This makes it
> >more secure for U.S. citizens to deal with banks in foreign countries
> >but does nothing for customers in foreign countries to deal more
> >securely with companies or individuals in the U.S.
>
> I quote from the press release:
> [omitted]
>
> This shows that there's two separate issues that were dealt with. The
> second is just for banks, and deals with the SuiteSpot server software.
> But the first one is for the Communicator software, which is available to
> anyone who wants it. Thus, this allows foreign customers to have safe
> transactions with US companies.

It's not clear to me that Netscape is being allowed to
export browsers with unrestricted 128-bit encryption.
Note the key word "certified" in this excerpt from the press
release:

Netscape Communicator . . . would allow users worldwide
to enjoy far greater protection for their information
when communicating with certified, strong encryption
applications on Intranets and the Internet.

This later excerpt again suggests that the 128-bit
encryption will only be enabled when you're communicating
with a certified bank:

This will allow Netscape Communicator users to access
their banking information from almost anywhere in the
world and communicate using strong encryption with those
banks which have implemented Netscape SuiteSpot servers
and completed the certification process.

It looks like non-U.S. Netscape users will be able to
communicate securely with certified banks, but it's not
clear to me that they will be able to communicate securely
with other kinds of companies or individuals either inside
or outside the U.S.

- Darrell