Tom Weinstein writes:
> I think your view only makes sense if you are only interested in
> protecting yourself against entities who have $100,000 (or $50,000,
> or whatever) to build a DES cracking machine.  If, on the other
> hand, you're also worried about 12 year old kids who pass around
> lists of credit card numbers, then exportable crypto is useful to
> you.  While the first group may be more scary to you, most people
> only care about the second group.  

It is far safer to deploy only strong crypto.  The user typically
doesn't know the difference.  It's not like Netscape advertise that
the crypto is broken.  All it says is 'International Crypto'.  How's a
poor non-crypto literate user supposed to know that this actually
means 'broken crap crypto'?

I'm with William on this one, selling that as 'secure software' is
fraud.

But that's not all, I have heard it claimed that most of the browsers
in existence, inside and outside the US are 40 bit, many of the
webservers inside and outside are, with the net result that probably
90+% of all SSL traffic is encrypted with 40 bit ciphers.

That's what Netscape is contributing to, and that is a problem.

> Which is not to say that you're wrong about your priorities, but
> other people, rightly or wrongly, have different ones.  Despite your
> contempt for Netscape and Microsoft, they do, in fact, sell strong
> crypto products where they are able to.  If the CEOs of these
> companies went to their boards of directors and told them that they
> were going to blow off the entire international market because they
> didn't want to put export grade crypto into their products, they'd
> be out of their jobs faster than you could say "stockholder
> lawsuit."

I wonder why it never occurred to anyone at Netscape to write their
crypto outside the US?  (I'd have thought perhaps some of those
ex-cypherpunk types who we all know are/were working there in roles
such as the 'Electronic Munitions Specialist' etc. would have been
familiar with the concept)

I mean if Sameer can do it, and Sun Micro can do it, and RSADSI can do
it why can't Netscape?  Not like Netscape is short of a few bob to
open an office somewhere.

Netscape, and many other US companies *have* been losing money to
non-US companies *because* the US companies have been putting 'export
grade crypto into their products'.

Adam
