Export Restrictions on International Sales
Netscape software products with encryption features
are considered by the United States government to be tools capable of being
used for purposes that are unlawful or against U.S. national interests.
Their distribution may be regulated by 15 CFR Parts 730 through 774, published
by the U.S. Department of Commerce (Bureau of Export Administration) as
the Export Administration Regulations (EAR). If your company has offices
in several different countries, the kind of software you can deploy in
some or all of those offices will be affected by these export control regulations.
The laws of other countries may also affect
the kind of software you can deploy. For example, software that supports
encryption of any kind is not permitted in France without prior authorization
from the French government. Similar restrictions for import and domestic
use also may come into existence in other countries. Further, the U.S.
government prohibits outright the export of any Netscape product with encryption
to the following pariah countries: Cuba, Iran, Iraq, Libya, North Korea,
Sudan, and Syria.
Encryption strength is described in terms
of the size (in bits) of the keys used to perform the encryption. 128-bit
encryption provides significantly better cryptographic protection than
40-bit encryption. Roughly speaking, 128-bit encryption is 3 X 1026
times stronger than 40-bit encryption, which is not considered "strong"
in the cryptographic community. It should be noted, however, that Netscape
products use a different key for each encrypted SSL session, regardless
of key size. Thus, even if intruders devoted significant resources and
time toward breaking a key for one encrypted session, the discovered key
would be useless for other sessions.
Netscape provides three versions of each release of its client software:
Netscape provides two versions of each release of its server software that supports SSL:
The domestic version, for use in the United States and Canada only, supports
encryption-key lengths of up to 128 bits (for RC2 and RC4 algorithms) and
168 bits (for Triple DES). It supports S/MIME encryption with key lengths
of up to 128 bits (for RC2) and 168 bits (for DES). The domestic client
uses this stronger encryption with server software that can support it;
otherwise, as when communicating with international versions of Netscape
server software, the client uses 40-bit encryption.
- The international version, for export to countries other than the United
States, Canada, France, and the pariah countries noted above, supports
SSL and S/MIME encryption but with key lengths generally limited to 40
bits (for RC2 and RC4 algorithms; DES is not supported). However, the international
version of Communicator 4.0 or later also supports conditional 128-bit
or 168-bit SSL encryption, on a per-session basis, when communicating with
a Netscape server that presents a valid Global Server ID server certificate
- The French version, for export to France, supports 40-bit SSL encryption
only (for RC2 and RC4; DES is not supported). The French version does not
support S/MIME encryption.
Banks can obtain a special server SSL certificate
from VeriSign called a Global Server ID. This certificate allows banks
to use domestic versions of Netscape server software outside the United
States and Canada. These servers ordinarily support 128-bit or 168-bit
encryption with domestic versions of Communicator only, and automatically
use 40-bit SSL encryption with international versions. However, if a server
presents a valid Global Server ID to an international version of Communicator
4.0 or later, Communicator will "step up" to the stronger SSL encryption
for that session with that server. Note that the physical location of the
server is irrelevant; an international version of Communicator that connects
to a domestic server in the United States, for example, can step up to
stronger encryption only if the server presents a Global Server ID.
- The domestic version, for use in the United States and Canada and by international
banks that have obtained a valid Global Server ID server certificate, supports
SSL encryption with key lengths of up to 128 bits (for RC2 and RC4) and 168 bits (for Triple DES).
- The international version, for export to countries other than the United States, Canada, and the pariah countries noted above, supports 40-bit SSL encryption only (for RC2 and RC4; DES is not supported).
Last Updated: 12/18/97 20:56:03
Copyright © 1997 Netscape