Netscape Granted Federal Approval to Export Netscape Communicator With Strong 128-Bit Encryption to Customers Worldwide

Netscape Communications Corporation (Nasdaq: NSCP) today announced the United States Department of Commerce has granted the company permission to export Netscape(R) Communicator client software with 128-bit encryption capabilities. Available for immediate download from the Netscape Internet site, Netscape Communicator with strong encryption would allow users worldwide to enjoy far greater protection for their information when communicating with certified, strong encryption applications on Intranets and the Internet.

Netscape also received approval to export Netscape SuiteSpot server software featuring 128-bit encryption capabilities to certified banks worldwide. VeriSign will be providing a special-use digital certificate which enables the encryption. This will allow Netscape Communicator users to access their banking information from almost anywhere in the world and communicate using strong encryption with those banks which have implemented Netscape SuiteSpot servers and completed the certification process.

"The ability to export our products with strong encryption enables Netscape to provide its customers worldwide with client and server software that can improve the security of their information and applications," said Taher Elgamal, chief scientist at Netscape. "This approval is another example of Netscape's leadership in the privacy and security arenas and is especially important due to the recent breaking of 56-bit DES by the DESCHALL group last week."

Today's breakthrough announcement marks the first time Netscape products with strong encryption have been made available to its customers outside the United States and Canada. Until now, Netscape was restricted by the United States Government to exporting software with 40-bit encryption even though 128-bit encryption technology has been widely available in Netscape products since May 1995.

Encryption technology in computer software products scrambles information and renders it unreadable without a password or software "key."

The strength of encryption is largely a function of the length of the software keys measured in bits, the zeros and ones that make up the smallest unit of computer data. The larger the key size the more difficult it becomes for a person with malicious intent to decrypt communications. Each additional bit doubles the number of possible sequences in a software key, so the computer power required to decrypt a 128-bit key is more than 309,485,009,821,345,068,724,781,056 times harder than a 40-bit key.

"Banks require strong encryption to do business in the global medium of the Internet," said William Reinsch, Undersecretary of Commerce for Export Administration. "They are reliable institutions subject to strong regulatory oversight. Banks are trustworthy when it comes to strong encryption."

International users who have Netscape Communicator do not need to download a new version of Netscape Communicator to take advantage of the strong encryption capabilities being announced today. Negotiation of the strong encryption between international versions of Netscape Communicator and Netscape SuiteSpot servers approved for export to banks occurs through a unique mechanism based on a special-use digital certificate. Approval of this certificate based mechanism is the culmination of months of effort between Netscape and numerous government agencies. Netscape and VeriSign have worked closely together to develop digital certificates that allow Netscape SuiteSpot servers to initiate strong communications sessions with Netscape Communicator. VeriSign will issue special-use digital certificates pending final approval from the United States Department of Commerce. Banks around the world can obtain Netscape Communicator and Netscape SuiteSpot servers with strong encryption immediately.

"VeriSign shares Netscape's goal of expanding security enabled electronic commerce on the global Internet," said Stratton Sclavos, president and CEO of VeriSign. "The combination of Netscape's products with strong encryption and VeriSign's technology, practices, and security infrastructure, gives banks and their customers a whole new level of security for conducting financial transactions on the Internet."

Digital certificates are a form of electronic identity, which bind an individual or organization to a pair of software keys that can be used for encrypting and signing digital information. A digital certificate, also known as a Digital ID, is issued by a trusted entity called a Certification Authority (CA), which determines an established set of authentication, background check, and security procedures before issuing a digital certificate.

"Although the Administration's current export control policy and its proposed legislation (e.g., S.909, the Secure Public Networks Act) fail to permit U.S. industry to compete on a level playing field with its non-U.S. counterparts, today's announcement reveals that there are some areas for agreement," said Peter Harter, global public policy counsel at Netscape. "It is important to recognize that all applicable agencies in the executive branch signed off on this export plan."

Netscape software products incorporate public key/private key encryption from RSA Data Security. Netscape Communicator uses RC4 128-bit encryption and other ciphers with Secure Sockets Layer (SSL), an open security protocol for protecting data communications across public networks. Netscape designed the SSL protocol to provide the essential technology for securing a wide range of commercial and enterprise wide applications, and provides a straightforward method for adding strong security features to existing applications and network infrastructures. SSL is application protocol-independent and provides encryption, which creates a secured channel to prevent others from tapping into the network; authentication, which uses certificates and digital signatures to verify the identity of parties in information exchanges and transactions; and message integrity, which ensures that messages cannot be altered en route.

Netscape Communications Corporation is a leading provider of open software for linking people and information over enterprise networks and the Internet. The company offers a full line of clients, servers, development tools and commercial applications to create a complete platform for next-generation, live on-line applications. Traded on Nasdaq under the symbol "NSCP," Netscape Communications Corporation in based in Mountain View, California.

Additional information on Netscape Communications Corporation is available on the Internet at http://home.netscape.com, by sending email to info@netscape.com, or by calling 415-937-2555 (corporations) or 415-937-3777 (individuals).

VeriSign Inc. is the world's leading Internet Certification Authority, a trusted third party that authenticates, issues and manages digital certificates on the Internet. VeriSign's Digital IDs enable trusted electronic commerce by authenticating the individuals, organizations and content involved in an electronic transaction. VeriSign has issued its branded Digital IDs to nearly 20,000 web sites and 1,000,000 individuals who use Netscape and Microsoft's Internet products. The company also is delivering customized Digital ID solutions to corporations worldwide including Novus Services, Toppan Printing and Visa International. VeriSign, headquartered in Mountain View, Calif., was founded in April 1995. The company is privately held and has been funded by strategic industry partners including Ameritech, AT&T, Cisco, Comcast, First Data, Gemplus, Intuit, Microsoft, Reuters, RSA, Security Dynamics, Softbank and Visa. For more information, visit the VeriSign Web site at http://www.verisign.com.

NOTE: Netscape is a registered trademark of Netscape Communications Corporation in the United States and other countries. Netscape's logos and Netscape product and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries. Other product and brand names are trademarks of their respective owners.

SOURCE Netscape Communications Corp. -0- 06/24/97 /CONTACT: Chris Holten, 415-937-2521, or chrish@netscape.com, or Anil Prasad, 415-937-2043, or aprasad@netscape.com, both of Netscape Public Relations/ (NSCP)

CO: Netscape Communications Corp.; VeriSign Inc. ST: California IN: CPR MLM SU: PDT

This site is not related to the Microsoft Corporation in any way. Windows and the Windows logo are trademarks of the Microsoft Corporation. ActiveWindows is an independent site. The information and sources here are obtained from series of hard work & research.