httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject US gov't crypto export
Date Fri, 18 Sep 1998 04:06:42 GMT
anyone care to comment on the US gov'ts easing of export restrictions?

As pathetic as it may be, from what I understand they have eliminated the
need for licenses to export 56-bit crypto, wihch means that there should
be no doubt at all about crypt() being exportable.  (yes, I know, in
theory you can do crypt() safely and argue it is not two-way but AFAIK
it isn't entirely clear if that can be supported)

Is this  true?  If so, are we willing to add code required to do crypt()
so Win32 can have consistent htaccess passwd encryption.

Hmm.  Ok.  Looks like it may not be true, the media is just lying again.
Can't find actual hard documentation on what they plan.

Oh, lovely.  cmp says, that instead of "key recovery":

    But the White House plan also boosts a different kind of back-door
    recovery method, in which a network administrator would have access to
    the plain text of a corporation's internal documents, and could provide
    this information to law enforcement. Software with this feature will be
    given the green light under the new export rules.

Erm... yea, whatever.  

Ok, from the press briefing:

		 With respect to our existing policy, we have for two 
    years ending this December, permitted the export of 56-bit products 
    after an initial one-time review without further review by the 
    government.  What we're announcing today is the maintenance of that 
    window permanently.  And so 56-bit products will be freed from export 
    controls after a one-time review, in perpetuity, not ending at the 
    end of this year.  We are, however, removing the requirement for key 
    recovery plans or key recovery commitments to be provided in return 
    for that change, which was the initial condition that we extracted.

View raw message