Date: Mon, 01 Nov 1999 19:58:24 -0800 From: "Mark D. Anderson" <mda@discerning.com> To: security@FreeBSD.ORG, ports@FreeBSD.ORG Subject: Re: OpenSSH patches Message-ID: <888466581.941486304@MDAXKE> In-Reply-To: <Pine.BSF.4.10.9911011804230.78061-100000@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>> It does not seem that OpenSSH source code includes any kind of >> crypto argorythm (they are included in OpenSSL library), but is it >> still affected by US crypto restrictions? > > There is some confusion (at least to me) about whether software which > provides a cryptographic function (like SSH) but which links to an > external library to provide the actual cryptographic code is liable under > the export restrictions. I am not a lawyer, and all that, but i believe that this is still against U.S. officially. It is usually referred to as "crypto with a hole", and it is still illegal last i checked. Not only can't you ship crypto, you can't ship software capable of using crypto, or something like that. You *can* have APIs that are not crypto-specific (such as a generic transport which can transparently have encryption), but you can't use the simple mechanism described by openssh. Microsoft and HP have permission to ship their stuff, but the hole can't be plugged by a user (officially) until microsoft clears it. See this for more: http://www.zdnet.com/zdnn/content/pcwk/1522/320100.html http://www.mozilla.org/crypto-faq.html#1-4 Of course, none of this is enforceable, but we all know that. Perhaps someone at mozilla, if there are any left, would know the latest. -mda To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?888466581.941486304>