View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
April 30, 1997updated 05 Sep 2016 12:19pm


By CBR Staff Writer

Netscape Communications Corp has become the latest company to win the blessing of the US government to export its software that uses encryption above the mandatory 40-bit limit. Once a company, like Netscape, convinces the US Commerce Department that it has a plan to implement key recovery, whereby government-approved third parties hold keys to unlock the data if the appropriate court order is obtained, the company is then allowed to export up to 56-bit key encryption technology. In Netscape’s case this applies to its e-mail software, so that for each employee, companies using Netscape e-mail software would have two keys: one for the employee’s digital signature and one that could be held in escrow with a trusted third party. Once this plan is implemented, with software written and ready that uses the encryption, the company can apply for unlimited key size, which is exactly what Netscape is doing now. But Netscape chief scientist Taher Elgamal said the other half of Netscape’s plan, that it hopes will secure a license to export its web servers with unlimited encryption capabilities, is different from the handful of other companies granted a license, because it doesn’t require any key recovery or escrow. Instead it relies on data recovery through web servers. He said that as most users are not authenticated by using keys or digital signatures, and are therefore anonymous, as long as Netscape can prove that it can get access to data on its own web servers, then it should be given license to export any level of encryption. Elgamal said other vendors have tried to do key recovery by embedding keys in Secure Socket Layer (SSL) sessions, but that changes the protocol, and with tens of millions of browsers out there, such a change would prove a logistical nightmare, he claimed. Getting approval for the 56-bit part took Netscape about two months, and Elgamal didn’t want to try and predict how long the government would take with the second half of the plan. Other companies that have received permission to do 56-bit encryption are IBM, DEC, Trusted Information Systems Inc and Open Market Inc.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.