httpd-dev mailing list archives

From Ben Laurie <>
Subject Re: Survey information...and names for Apache
Date Fri, 01 Dec 1995 08:27:06 GMT
> > 
> > Does that mean that a site in country X can be nominated as the
> > "primary" site and then hyperreal's /dist directory would mirror
> > the sources/binaries from X?
> 	Yes.
> > 
> > If that's all there is to it, then it's a pain but trivial.
> > 
> > I guess the trick is to not export the sensitive code out of the US
> > to X. So future builds would need to be made outside of the USA?
> 	Yes. I think that it would be wise to use
> style restrictions then on the dist
> directory within the US, and point to the outside-US sites for people
> who end up outside the US.
> > 
> > If you already have portable patches, then this sounds easy.
> 	As far as I know, Ben's patches for the os_conn stuff work on
> every platform.
> > 
> > Okay, let's make plans post-1.0
> > 
> > 
> > If we can distribute Apache with SSL, while staying within the stupid
> > rules, it's one more nail in the coffin of the stupid rule makers. Let's
> > go for it.
> > 
> 	Note that none of the above is the advice of a lawyer or the
> state dept. I'm just a cypherpunk who's been doing this crypto and
> ITAR stuff for a few years now. The rules are arbitrary and
> confusing. I would not be surprised if this did not bring the Apache
> Group some NSA inquiries. It may be wise not to use hyperreal at all,
> for safety. (I would actually be surprised if this didn't bring about
> inquiries.)
> 	*BUT*, I think the fact that Apache is not developed by any
> single entity that can be threatened is a major plus. The NSA can't go
> to the Apache Group like they can to any other company and say "if you
> don't listen to us we won't let you do XXX", because the Apache Group
> does not *really* exist as a legal person, like a Corporation does.

A small fly in the ointment - how do the US participants submit patches to
Apache once it has been cryptified? Presumably this is illegal (or at least
some patches will be)?

Perhaps the way to go is to make it possible for Apache-SSL to be a proper
module instead of a monster patch (which can probably be done without
explicitly inserting crypto hooks - it's more a matter of abstracting the
idea of a "connection" a little).

Then the main Apache could be worked on by anyone, and only the SSL module
would have to reside outside the US.



> -- 
> sameer						Voice:   510-601-9777
> Community ConneXion				FAX:     510-601-9734
> The Internet Privacy Provider			Dialin:  510-658-6376
> (or login as "guest")

Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant        Fax:   +44 (181) 994 6472
and Technical Director      Email:
A.L. Digital Ltd,           URL:
London, England.
