- From: Allan M. Schiffman <ams@terisa.com>
- Date: Mon, 1 Jan 1996 13:30:36 -0800
- To: Ned Freed <NED@innosoft.com>
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, www-security@ns2.rutgers.edu, "Robert W. Shirey" <rshirey@bbn.com>
>In other words, the status of authentication-only systems is peculiar. First it >is specifically exempted from one item on the munitions list, but then there's >another item on the list that appears to include it in spite of the earlier >exemption. I stand corrected. Thanks, Ned. Wishful thinking on my part, I guess. >The bottom line is that if you intend to export anything that uses >cryptographic methods, you'd best hire a lawyer familiar with export law and >get approval for it. You'll probably have no problem with authentication. The bottom line for Digest Authentication means, then, that domestic developers who include this mechanism would need to apply for some sort of export approval (presumably they would apply for CJ and get it). -Allan
Received on Monday, 1 January 1996 13:29:16 UTC