W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Digest Authentication

From: Allan M. Schiffman <ams@terisa.com>
Date: Mon, 1 Jan 1996 13:30:36 -0800
Message-Id: <v02130500ad0e01704a95@[205.226.39.192]>
To: Ned Freed <NED@innosoft.com>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-security@ns2.rutgers.edu, "Robert W. Shirey" <rshirey@bbn.com>
>In other words, the status of authentication-only systems is peculiar. First it
>is specifically exempted from one item on the munitions list, but then there's
>another item on the list that appears to include it in spite of the earlier
>exemption.
I stand corrected. Thanks, Ned. Wishful thinking on my part, I guess.

>The bottom line is that if you intend to export anything that uses
>cryptographic methods, you'd best hire a lawyer familiar with export law and
>get approval for it. You'll probably have no problem with authentication.
The bottom line for Digest Authentication means, then, that domestic
developers who include this mechanism would need to apply for some sort of
export approval (presumably they would apply for CJ and get it).

-Allan
Received on Monday, 1 January 1996 13:29:16 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:42 EDT