That's basically all Netscape & Microsoft were doing when they had to
restrict 128-bit SSL. They threw in the requirement to enter your address
& phone number, but they had no way of telling if you were entering your
address, or the one you got from doing a four11.com lookup of John Smith
in Plano, Tx.
I block anonymizer & some other proxies, as well as AOL.
So I guess you're saying there's not much better than what I'm already
doing? The only info I have on the client is what I can get from a TCP
connection.
-Ralph
Thus spake "Ralph Doncaster" <ralph@istop.com>
That's basically all Netscape & Microsoft were doing when they had to
restrict 128-bit SSL. They threw in the requirement to enter your address
& phone number, but they had no way of telling if you were entering your
address, or the one you got from doing a four11.com lookup of John Smith
in Plano, Tx.
The new crypto regulations allow shrink-wrapped software to be exported if the
receiver claims to be authorized; there is no legal requirement on the exporter
to actually verify this status...
I really wonder if there's any point in regulating at all, if they're going to
be so blatantly stupid about it.
S
One of my clients is a large computer security software
company. According to them, it's not just crypto export rules that are
the concern, but also the ITAR countries (N. Korea, Lybia, Cuba, ...). As
well they are concerned about liabilities in countries like France where
it is illegal to import crypto so they want to restrict people from France
too.
-Ralph