Re: [rc5] Netscape 128bits

Karl J. runge (runge@jfku.edu)
Tue, 24 Jun 1997 19:47:39 -0800 (PDT)


> It's not clear to me that Netscape is being allowed to
> export browsers with unrestricted 128-bit encryption.
> Note the key word "certified" in this excerpt from the press
> release:
>
> Netscape Communicator . . . would allow users worldwide
> to enjoy far greater protection for their information
> when communicating with certified, strong encryption
> applications on Intranets and the Internet.

I'm guessing/hoping the "certified" means the Verisign CA, but I
may be wrong.

QUESTION: Does anywhere in the press release indicate this new
situation does not require Key Escrow?? Maybe I missed it, I think
this is crucial information.

> This later excerpt again suggests that the 128-bit
> encryption will only be enabled when you're communicating
> with a certified bank:
>
> This will allow Netscape Communicator users to access
> their banking information from almost anywhere in the
> world and communicate using strong encryption with those
> banks which have implemented Netscape SuiteSpot servers
> and completed the certification process.
>
> It looks like non-U.S. Netscape users will be able to
> communicate securely with certified banks, but it's not
> clear to me that they will be able to communicate securely
> with other kinds of companies or individuals either inside
> or outside the U.S.

I don't know enough about SSL, etc if Netscape browser can
communicate with other Secure http servers. Is Netscape the
only secure server? If so what has Europe been using for HTTPS? 40bit?

Exporting strong (w/o key escrow) browsers is a good start IMHO.