httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From efr...@ncsa.uiuc.edu (Beth Frank)
Subject Re: SSL/Apache
Date Tue, 17 Oct 1995 21:01:34 GMT
Sorry for the late reply,  I've been swamped lately.

1. When importing SSL crypto code to the USA, the main problem
	is avoiding RSA copyright/patent infringement.

2. I believe that all the NATO countries signed the ITAR 
	treaty which restricts the free flow of cryptographic
	technology, including collaboration.  Cryptographic
	hooks fall under the collaboration clause.  There are
	differences in how the various countries interpreted the treaty
	and translated it into local law.  The US took a particularly
	strict interpretation, and I believe the UK and Germany took
	a less strict one.  I am not familiar with UK law, so I
	have no idea what kind of potential problems you have.  I
	do get the impression, that most countries allow unrestricted
	export to the US.

3. The NSA has indicated that setting up an export restricted server
	(like MIT's for Kerberos) is sufficient to comply with the
	"due care" wording of US law to prevent export from the USA.
	Adam Cain has recently set on up one for NCSA and we can probably
	find room for the Apache patches on it, provided #1 is taken care 
	of, and you're comfortable letting us grab a copy.
-- 
		Elizabeth(Beth) Frank
		NCSA Server Development Team
		efrank@ncsa.uiuc.edu

Mime
View raw message