In message <00ee01bf3c40$08c1df00$[EMAIL PROTECTED]>, "Matthew Ham
rick" writes:
> This moves the problem of what gets
> exported from the application developer to the CA issuing the super
> cert. While I'm not sure, I'm guessing that VeriSign can't issue a
> super cert to Uncle Saddam, but Thawte being in South Africa may have
> more leeway in this regard.
There are some fascinating imlications here. First, as you note, export
controls are now tied to certificate issuance. Certificates are for
authentication, and would not normally be controlled -- but this type is.
Second, a browser that accepts a magical (i.e., strong crypto) certificate
from J. Random CA can be seen as "crypto with a hole", and hence not
exportable -- unless, of course, there's a built-in list of trusted CAs. (We
can take that idea even further by imagining certificates that actually
contain the crypto code, a la PolicyMaker. Active code in your certificates,
which have to be processed inside (or at least close to) your trusted base...)
Finally, if the government has a new excuse for poking its nose into CA
operations, what other requirements will they impose? I think we know the
answer to that... (If you're in any doubt, have a look at
http://www.uspto.gov/web/offices/ac/ahrpa/opa/pulse/9712.htm -- electronic
filing of patent applications has been held up until a completely gratuitous
key recovery mechanism is built in.)
--Steve Bellovin