[IWAR] CRYPTO capable browser

From: 7Pillars Partners (partnersat_private)
Date: Sat Apr 04 1998 - 09:37:46 PST

  • Next message: 7Pillars Partners: "[IWAR] HUMAN FACTORS fog, perception"

    The software is at:
    http://mozilla-crypto.ssleay.org/press/19980403-01/index.html
    
    This article is at:
    http://www.wired.com/news/news/technology/story/11465.html
    If you want to follow the various links, I recommend surfing to the
    original HTML version and following them.
    
    Cryptozilla Thwarts Feds Crypto Ban
     by Michael Stutz 
    
     7:20pm 3.Apr.98.PST
     Marc Andreessen has said that open development
     on Communicator's newly freed source code is
     going to offer unprecedented software innovations. 
    
     So when a group of open-source developers
     released on Friday a strong cryptography version
     of Netscape's browser for Windows 95 and NT,
     dubbed Cryptozilla, Andreessen's prophecy was
     fulfilled - in spades. 
    
     Soon after Netscape's announcement that they
     would free their source code, the Mozilla Crypto
     Group (MCG) was formed to produce a version of
     the browser with 128-bit encryption - the kind that
     US-based companies are forbidden by law to
     export. 
    
     "What we're forbidden from doing is exporting
     either cryptographic code or code that is designed
     to have crypto easily added to it," said Netscape
     engineering manager Tom Paquin. 
    
     Part two of the equation, he said, was that putting
     such code on a server that anybody could
     download from could be construed as export. 
    
     But the regulations and restrictions that apply to
     software products don't apply to cooperatively
     developed, open-source software, which is
     primarily distributed over the Internet. As if to
     underscore this point, Cryptozilla has quickly
     demonstrated the futility of the US government's
     attempts to ban the export of software programs
     that include strong encryption. 
    
     "We knew that Netscape was serious about
     [releasing the source code], and that it was clear
     that what was going to come out [from subsequent
     developments] was going to be a useful browser,"
     said MCG developer Tim Hudson. 
    
     For users, Cryptozilla presents the option of using
     a browser for surfing and making transactions that
     has a higher degree of security built in. Support for
     secure mail and other transactions will be added
     as development ensues. 
    
     Netscape's Secure Sockets Layer (SSL) is the
     protocol used to provide secure Web browsing via
     encryption. However, the SSL source code used in
     Communicator includes source licensed from RSA
     Data Security and other companies that forbid the
     redistribution of their code. 
    
     Enter Australian programmer Eric A. Young, who
     wrote a free implementation of SSL from scratch -
     SSLeay. His comrade Tim Hudson then developed
     SSLeay implementations in a number of
     open-source network applications. Then, with
     several other developers, they founded the MCG,
     which is also supported by the Distributed
     Systems Technology Centre, a security-focused
     cooperative-research center backed by the
     Australian government. 
    
     And at about 7:15 p.m. EST Wednesday night,
     they birthed "Cryptozilla" - a crypto-powered
     browser that was compiled to run on Red Hat
     Linux, a popular distribution of the cooperatively
     developed operating system. The application took
     all of 15 hours to create, and the group confirmed
     their success by testing it on several
     SSL-powered Web sites. 
    
     "Alert Webmasters of secure sites with a high
     profile should have noticed a Mozilla 5 coming
     from an AU location connecting with full security,"
     Hudson said. 
    
     Today at about 11 a.m. EST, the group did it again
     and released their first Cryptozilla executable for
     32-bit MS Windows systems. By mid-afternoon,
     versions were available for both Windows 95 and
     Windows NT. 
    
     Hudson said that the group is now concentrating
     on setting up procedures so that access to their
     Cryptozilla source code can be opened up to other
     developers in an organized fashion. They will do
     this by using sophisticated open-source tools for
     managing multiple revisions of the source code as
     developers add new improvements. 
    
     "A significant portion of the group have practical
     experience in this area in the form of being core
     Apache Group members," he said. 
    
     Apache is the world's most popular Web server -
     and is also a cooperatively developed,
     open-source, free-software product. 
    
     As long as these open-source, free-software
     projects continue to thrive, attempts at banning
     the export of strong cryptography may prove futile
     - digital source code is easily duplicated and is
     not stopped by political boundaries. 
    
     "The mathematicians have figured this out, and
     have got the governments beat," said Netscape's
     Paquin, who asserted that governments can't stop
     the development and distribution of strong crypto
     through technical means. 
    
     "Cryptography will [inevitably] spread over the
     whole globe, and with it the anonymous
     transactions systems that it makes possible,"
     wrote Eric Hughes in the 1993 "A Cypherpunk's
     Manifesto." 
    
     Administrators at a Department of Defense military
     computer installation in North Carolina had their
     own taste of this today when a not-for-export copy
     of the Pretty Good Privacy encryption software
     was finally removed from their machines, after
     illegally being available for the world to download
     for more than two years. On a corresponding Web
     page it was touted as the "ultimate in email
     security!" 
    
     It was finally removed this morning at 6:57 a.m.
     EST. A counter on the site showed that it was
     downloaded a total of 93 times. Officials at the site
      were not available for comment. 
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:55 PDT