Export Restrictions on International Sales

Netscape software products with encryption features are considered by the United States government to be tools capable of being used for purposes that are unlawful or against U.S. national interests. Their distribution may be regulated by 15 CFR Parts 730 through 774, published by the U.S. Department of Commerce (Bureau of Export Administration) as the Export Administration Regulations (EAR). If your company has offices in several different countries, the kind of software you can deploy in some or all of those offices will be affected by these export control regulations.

 The laws of other countries may also affect the kind of software you can deploy. For example, software that supports encryption of any kind is not permitted in France without prior authorization from the French government. Similar restrictions for import and domestic use also may come into existence in other countries. Further, the U.S. government prohibits outright the export of any Netscape product with encryption to the following pariah countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.

 Encryption strength is described in terms of the size (in bits) of the keys used to perform the encryption. 128-bit encryption provides significantly better cryptographic protection than 40-bit encryption. Roughly speaking, 128-bit encryption is 3 X 1026 times stronger than 40-bit encryption, which is not considered "strong" in the cryptographic community. It should be noted, however, that Netscape products use a different key for each encrypted SSL session, regardless of key size. Thus, even if intruders devoted significant resources and time toward breaking a key for one encrypted session, the discovered key would be useless for other sessions.

Netscape provides three versions of each release of its client software:

Netscape provides two versions of each release of its server software that supports SSL: Banks can obtain a special server SSL certificate from VeriSign called a Global Server ID. This certificate allows banks to use domestic versions of Netscape server software outside the United States and Canada. These servers ordinarily support 128-bit or 168-bit encryption with domestic versions of Communicator only, and automatically use 40-bit SSL encryption with international versions. However, if a server presents a valid Global Server ID to an international version of Communicator 4.0 or later, Communicator will "step up" to the stronger SSL encryption for that session with that server. Note that the physical location of the server is irrelevant; an international version of Communicator that connects to a domestic server in the United States, for example, can step up to stronger encryption only if the server presents a Global Server ID.

Last Updated: 12/18/97 20:56:03 

Copyright © 1997 Netscape Communications Corporation