Educause Security Discussion
mailing list archives
Re: Browser Encryption Capability for Exporting
From: Chris Green <cmgreen () UAB EDU>
Date: Mon, 23 Jul 2007 10:44:04 -0500
Export is allowed to commodity encryption such as SSL in browsers as
long as you aren't one of the "terrorist supporting states".
SUMMARY: This rule amends the Export Administration Regulations (EAR)
to allow the export and reexport of any encryption commodity or
software to individuals, commercial firms, and other non-government
end-users in all destinations. It also allows exports and reexports of
retail encryption commodities and software to all end-users in all
destinations. Post-export reporting requirements are streamlined, and
changes are made to reflect amendments to the Wassenaar Arrangement.
This rule implements the encryption policy announced by the White House
on September 16 and will simplify U.S. encryption export rules.
Restrictions on terrorist supporting states (Cuba, Iran, Iraq, Libya,
North Korea, Sudan or Syria), their nationals and other sanctioned
entities are not changed by this rule.
From: McNeil, Sharon McLawhorn [mailto:McLawhorns () ECU EDU]
Sent: Monday, July 23, 2007 10:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Browser Encryption Capability for Exporting
Does anyone have information on the minimum level browser encryption
(for IE, Firefox, Safari, Netscape, and Opera) capabilities for
exporting data outside the U.S.? Our department is looking at requiring
only 128-bit or higher to access our University's website. Our concern
is that if we set this requirement it might prohibit our DE students,
faculty, etc. outside the U.S. from being able to access our
University's website for registration, grades, etc. from browsers not
capable of at 128-bit or higher.
IT Security Analyst
Dept. of ITCS
East Carolina University