[Previous] [Next] [Index]
[Thread]
Re: Digest Authentication
Date: Sun, 31 Dec 1995 20:56:47 -0800 (PST)
From: Ned Freed <NED@innosoft.com>
Cc: ams@terisa.com, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com,
www-security@ns2.rutgers.edu
The bottom line is that if you intend to export anything that uses
cryptographic methods, you'd best hire a lawyer familiar with export law and
get approval for it. You'll probably have no problem with authentication.
Ned
The ITAR has a specific exception for authentication in financial
applications, but this applies only to authentication for access
control, and does not extend to, say, the transaction itself.
>From ITAR 121.1 XIII(b)(1):
(ii) Specially designed, developed or modified for use in machines
for banking or money transactions, and restricted to use only in such
transactions. Machines for banking or money transactions include automatic
teller machines, self-service statement printers, point of sale terminals or
equipment for the encryption of interbanking transactions.
(iv) Personalized smart cards using cryptography restricted for use
only in equipment or systems exempted from the controls of the USML [I'm not
sure what this would be used for, but possibly some banking applications
would fall under it]
(v) Limited to access control, such as automatic teller machines,
self-service statement printers or point of sale terminals, which protects
password or personal identification numbers (PIN) or similar data to prevent
unauthorized access to facilities but does not allow for encyprtion of files
or text, except as directly related to the password of [sic] PIN protection.
Joe
----
Joseph Arceneaux
Samsara Partners
http://www.samsara.com
jla@samsara.com
+1 415 648 9988 (direct)
+1 415 341 1395 (fax)
+1 500 488 9308
Follow-Ups:
References: