W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Digest Authentication

From: Allan M. Schiffman <ams@terisa.com>
Date: Sun, 31 Dec 1995 16:53:32 -0800
Message-Id: <v02130502ad0cde4f3729@[205.226.39.192]>
To: Dan Stromberg - OAC-DCS <strombrg@hydra.acs.UCI.EDU>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-security@ns2.rutgers.edu
As you say, one can easily go astray making statements about ITAR. I'm no
expert, and worse, nobody can predict what the treatment will be in a given
situation be since such administrative rulings vary from case to case.

What I *do* know is how *I* behave, given my perhaps buggy understanding of
export regulations. Roughly speaking, if my software doesn't do encryption,
I export it without consideration of (the cryptography portion of) ITAR. If
I had code that did, say, digest authentication and nothing else, I
wouldn't hesitate to ship it overseas -- or put it on a public FTP server.

-Allan
Received on Sunday, 31 December 1995 16:51:38 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:42 EDT