httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d...@ast.cam.ac.uk (David Robinson)
Subject Re: SSL/Apache
Date Tue, 17 Oct 1995 17:43:00 GMT
>In message <199510171605.JAA04818@infinity.c2.org>, sameer writes:
>>... but if you make it easy to pug RSAref into
>>your code, then you can tell people that they can't use your code
>>within the us w/o plugging RSAref into it. Then you're set. Completely
>>legal. No worries.
>
>Are you sure about that?  The kerberos folk have something called Bones
>which removes all the crypto calls in kerberos to deal with possible
>export violations.  From my understanding it's just as illegal to export
>something that is crypto-ready.  But I'd love to be shown wrong.

Yes and no.
You didn't quote the message fully; he was taking about avoiding
_patent_ problems for _importing_ into the USA. I very much doubt that
RSA have a patent on encryption hooks, and the US does not regulate
importations.

However, you are correct in that there are _legal_ (statutatory) problems
in _exporting_ code with encryption hooks from the USA. The US treat
code with hooks to facilitate encryption as the same as the encryption
software itself.

 David.

Mime
View raw message