From owner-new-httpd Thu May 18 12:18:16 1995 Return-Path: owner-new-httpd Received: by taz.hyperreal.com (8.6.10/8.6.5) id MAA28911; Thu, 18 May 1995 12:18:16 -0700 Received: from eat.organic.com by taz.hyperreal.com (8.6.10/8.6.5) with ESMTP id MAA28906; Thu, 18 May 1995 12:18:14 -0700 Received: (from brian@localhost) by eat.organic.com (8.6.11/8.6.9) id MAA11654; Thu, 18 May 1995 12:18:19 -0700 Date: Thu, 18 May 1995 12:18:18 -0700 (PDT) From: Brian Behlendorf Subject: Re: export restrictions & mirroring Apache at NCSA To: new-httpd@hyperreal.com In-Reply-To: <199505181739.AA147298769@ooo.lanl.gov> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-new-httpd@apache.org Precedence: bulk Reply-To: new-httpd@apache.org On Thu, 18 May 1995, Rob Hartill wrote: > > Bad News: The NSA (for the state department) has declared release > > > any code you have developed based on those releases must either > > have the PGP/PEM hooks removed, be licensed through the state > > department for export on a per user basis, or made available > > only in the USA and Canadian. > > Pfffft. Sounds like they've gone overboard on that. The hooks > don't do any encryption/decryption so what's there problem ? > > Someone here suggested the hooks be converted into a gerneral purpose > "filter hooks"... that'd take care of those morons at the NSA. The NSA doesn't even like the ASCII characters "PGP" leaving this country. Fuck them! Arg, this makes me so furious. One side of me says fuck that, there's no crypto in this program, we're not taking it out, and you can bloody seize the machine it's stored on (hyperreal) from my bare hands and it won't matter, this code is everywhere you don't want it to be (to paraphrase Amex). I'll mention this to Brock Meeks and see what he says... I have heard something about this before, but I forget the context. It was also a situation where source code was being passed around that implemented absolutely no crypto, but had the potential for plugging in crypto, and that was deemed a bad thing. What next, banning the distribution of Elm? The other side is that hardly anyone (that I know of) uses the PGP_AUTH stuff anymore. MarketNet was the only commercial service advertising it. We have talked about security and I think agreed that the long term view was to try and develop an SHTTP implementation that didn't contain any crypto but linked with Terisa's shttp.a, and that someone would develop an alternate shttp.a based on PGP. At any rate, I think a nice graphic on our home page would be cool: "APACHE - THE WEB SERVER THE NSA DOESN'T WANT YOU TO HAVE" :) Brian --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- brian@organic.com brian@hyperreal.com http://www.[hyperreal,organic].com/