httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Elizabeth Frank)
Subject Re: export restrictions & mirroring Apache at NCSA
Date Mon, 22 May 1995 14:35:13 GMT
On May 21,  4:17pm, David Robinson wrote:
} Subject: Re: export restrictions & mirroring Apache at NCSA
 > Beth wrote:
 > >... Encryption used only within the headers for authentication, distributed
 > >in binary only form falls under Commerce department rules and can be exported
 >  ~~~~~~~~~~~~~~~~~~~
 > >with (I think) a one time review.  (I think if we get ours OK'ed and you say
 > >you build yours off of ours, you may not have to go through this review, BUT
 > >I'm not sure about this and someone from Apache should talk to the NSA BEFORE
 > >you include any of our new 1.5 code.)...
 > Does this mean that only the encryption software needs to be in binary form,
 > or that the software hooks also need to be in binary form?

I'm not sure.  I think the hooks have to be in binary form as well to prevent
the code from being easily modifed for bulk encryption.

 > Apache and httpd both have 'hooks' to call the library routine `crypt'
 > for authentication. Does this mean they have to be distributed as binaries,
 > and be approved by the Commerce department?
 >  David.
}-- End of excerpt from David Robinson

"Crypt" is a one-way encryption function and therefore not covered by the law.
(I think one-way encryption gets classified as a hash function.)  What they
are trying to prevent/regulate is bulk encryption.  To do that they want to 
make sure something classified as authentication can't easily be modified to
do bulk encryption.

	-Beth Frank

View raw message