httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew <>
Subject Re: SHTTP for Apache
Date Sat, 30 Sep 1995 11:09:37 GMT
Ben L:
[shttp et al...]
> Does anyone know what we have to do in terms of code to avoid being arrested?
> I've heard that even exporting code with encryption hooks but no encryption
> code is illegal (in the US).

A while back now, NCSA were told to remove all their PGP/PEM functionality
from NCSA 1.3/1.4, which amounted to the removal of some explicit hooks
in the code.  Apache was based on 1.3 and so, to avoid the same legal
problems we decided also to remove that functionality from Apache.

At about the same time Rob Thau came up with the modular system from
Shambhala which Apache adopted.  The system would, in theory, allow
3rd-party developers to design their own modules to interface with the
Apache API.  Clearly there is scope for a non-Apache Group module to
be written by someone and then made available to the general public,
subject to the legal considerations pertaining in their own country.

For example, a South African resident could design a PGP/PEM encryption
module and make it available for non US citizens to use.  Similar works could
be made available by US residents but then would be restricted to
distribution to only other US residents - no exporting of that new
functionality across borders would be allowed.

It is important, IMHO, that Apache Group's work, meaning the code we
distribute from hyperreal and to the mirror sites, should be free from
any legally questionable functionality.  This will ensure that the
main focus of the group's work can proceed unhampered.  If Apache is
maintained as an 'open' system, with a well documented API then there
is no reason for the server itself to contain any code that might
harm the project, and also there is every likelihood that 3rd party
developers will be able to add functionality to the server.


1)	there's nothing to stop other people from developing
	SHTTP/SSL/PGP/PEM whatever modules, and managing their
	distribution and maintainence independently of the Apache Group

2)	the server as distributed should not contain any code
	that would break a nation's law

> I have come across various others interested in this. I offer to (attempt to)
> coordinate the various groups.

You will find some useful pointers to this in the mailing list's archives,
available on, DNS permitting.

> Cheers,
> Ben.
> Ben Laurie                  Phone: +44 (181) 994 6435



View raw message