[1159] in WWW Security List Archive
Re: Public httpd servers that support encryption
daemon@ATHENA.MIT.EDU (sameer)
Thu Nov 9 18:32:32 1995
From: sameer <sameer@c2.org>
To: sfbzb1pu@frog.thpl.lib.fl.us (Kyle Amon)
Date: Thu, 9 Nov 1995 11:49:23 -0800 (PST)
Cc: andrew@andy.alt.za, www-security@ns2.rutgers.edu
In-Reply-To: <Pine.SUN.3.90.951108235041.12260A-100000@frog> from "Kyle Amon" at Nov 9, 95 00:58:04 am
Errors-To: owner-www-security@ns2.rutgers.edu
>
> It is VERY new and quite ALPHA though the docs say it's beta.
> It is written by an individual, not a group.
> Combine these facts, and it is probably still quite buggy.
As a developer using the SSLeay routines: It is quite
buggy. Eric (the author) is hard at work fixing all the bugs though.
A version of apache using SSLeay is available to US persons on my ftp
site. Read ftp.c2.org:/pub/README.US-only. (only good for
non-commercial use at this point. When commercial use becomes possible
I will describe how on http://www.c2.org/apachessl/)
>
>
> What it appears to be:
>
> It is actually a set of libraries and programs that support SSL...
> or rather a "raw" SSL implementation that can be used to develop
> actual SSL applications. These are in the .../SSL/ subdirectory.
>
> In the .../SSLapps/ subdirectory is a set of example apps and/or patches
> that utilize the above libraries. Among these are patches for NCSA's
> httpd versions 1.2 and 1.4.
>
>
> The problems (legal) at least in the US:
>
> Be sure to read the file, RAMBLINGS. I think it's in the .../SSL/
> subdirectory. It gives a pretty detailed explanation of the dubious
> legal status and possible implications of this code in the US and
> some other similarly fascist countries that have a choke-hold on
> cryptographic sciences in their respective domains (pun intended).
>
> COMMERCIAL: "One for the Gipper"
> The US governmental policies on the exporting of cryptographic code are
> overly restrictive, futile, ridiculous and almost as antiquated as...
> the need for an electoral college in order to enable a national election!?
> They are pure anti-freedom, serving only to allow the government to harangue
> normal citizens like Phil Zimmermann (author of PGP) as though they were
> criminals while maintaining nearly unbreachable monopolies for companies
> like PKP and RSA who make a fortune off of the life work of men like
> Whitfield Diffie (inventor of Public Key Cryptography) and others whose
> financial gains from their own work are comparatively insignificant, who
> would be prosecuted as criminals if they sent a copy of their work to
> a friend or relative in another country.
> <Step down from the soap box now>
>
> Basically, mind your Ps & Qs if you want to play with this one. However,
> you may be totally in the clear. I noticed that your internet and x.400
> addresses indicate that your country is "ZA". I don't know what country
> that is, but depending on the laws there, you may have nothing to worry
> about.
>
>
> Upshot:
>
> I think it's great! I hope it makes it through the coming storm. The
> package is eponymously named SSLeay for its author Eric Young. Email:
> eay@mincom.oz.au
>
>
> +-----------------------------------+
> | +-------------------------------+ |
> | | Kyle Amon | |
> | +-------------------------------+ |
> | | sfbzb1pu@scfn.thpl.lib.fl.us | |
> | | amonk@delphi.com | |
> | | amonk@cyberspace.org | |
> | | amonk@freenet.scri.fsu.edu | |
> | +-------------------------------+ |
> +-----------------------------------+
>
> Disclaimer: Any opinions which may be erroneously inferred from
> foregoing text were not actually implied.
>
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
The Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org