httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: IPSec builtin OpenBSD, still missing from FreeBSD (fwd)
Date Mon, 26 Jan 1998 05:51:28 GMT
On Sun, 25 Jan 1998, Brian Behlendorf wrote:

> At 08:09 PM 1/23/98 -0700, you wrote:
> >What if we allowed anyone to plug in a DLL to Apache for NT for the
> >password encryption?  Then we ship something by default, if we aren't
> >happy about shipping DES then some third party can make one available for
> >people that need it and don't want MD5.
> 
> Sounds fine to me.  I thought exporting crypto for hashing was OK?  

Yes, but first you have to make DES so it can only be used one-way, then I
think you still need to go through paperwork.

MD5 is fine for export.

In reality, it is doubtful that anyone would get in any trouble if we
added DES crypt.  That opinion, however, has little support and I have no
idea what I am talking about.

Note that FreeBSD is exporting DES because their lawyers think that
the Bernstein decision has enough impact.  That was a California court
though, wasn't it?  Walnut Creek is in California.  We have no lawyers to
do that and, perhaps more importantly, there is no legal organization that
can deal with possible consequences, as extremely unlikely as they may be
and even if there were something, it may well amount only to being told to
stop.

So while I have no objections to just putting in DES and being done with
it, I can not, in my ignorance, honestly push for it.


Mime
View raw message