W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Digest Authentication

From: Ned Freed <NED@innosoft.com>
Date: Mon, 01 Jan 1996 22:31:01 -0800 (PST)
To: ams@terisa.com
Cc: Ned Freed <NED@innosoft.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-security@ns2.rutgers.edu, "Robert W. Shirey" <rshirey@bbn.com>
Message-Id: <01HZIGIQRKYG9AMEPU@INNOSOFT.COM>
> > The bottom line is that if you intend to export anything that uses
> > cryptographic methods, you'd best hire a lawyer familiar with export law and
> > get approval for it. You'll probably have no problem with authentication.

> The bottom line for Digest Authentication means, then, that domestic
> developers who include this mechanism would need to apply for some sort of
> export approval (presumably they would apply for CJ and get it).

I have no reason to think otherwise. And for those who don't want to pay for a
lawyer, you can always try for it on your own. There's a "Do it yourself CJ
approval kit" available at:

   ftp://ftp.cygnus.com/pub/export/cjr.kit

Note that I am not recommending this approach -- I have not tried this kit and
cannot speak to whether or not it's the right way to go about it.

				Ned
Received on Monday, 1 January 1996 22:42:38 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:42 EDT