From owner-freebsd-security Wed Jan 26 22:35:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from rowdy.panther.net (rowdy.panther.net [209.197.223.18]) by hub.freebsd.org (Postfix) with ESMTP id 0EC211501C; Wed, 26 Jan 2000 22:35:23 -0800 (PST) (envelope-from kward@panther.net) Received: from localhost (2356 bytes) by rowdy.panther.net via sendmail with P:stdio/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) (ident using unix) id for ; Thu, 27 Jan 2000 00:35:37 -0600 (CST) (Smail-3.2.0.109 1999-Oct-27 #2 built 1999-Dec-30) Message-Id: From: kward@panther.net (Keith Ward) Subject: Re: OpenSSL docs for FAQ In-Reply-To: from Kris Kennaway at "Jan 25, 2000 00:49:04 am" To: Kris Kennaway Date: Thu, 27 Jan 2000 00:35:37 -0600 (CST) Cc: current@freebsd.org, security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Only recommendation I might pass on is being consistant in the use of "USA" instead of "US". The document starts off with references to "USA" and then changes to "US". Following the custom used in current crypto source (i.e. "USA_RESIDENT" in make.conf) I would suggest using "USA". Keith According to the writings of Kris Kennaway > > Can people please review this for style and content, for inclusion in > the FAQ? I'll also need someone to mark it up once it's ready since SGML > is currently not among my abilities :-) > [ ... ] > > However, some of the algorithms (specifically, RSA and IDEA) included > in OpenSSL are protected by patents in the USA and elsewhere and are > not available for unrestricted use. In addition, export of > cryptographic code from the USA has (until recently) been heavily > restricted. As a result, FreeBSD has available three different > versions of OpenSSL depending on geographical location (US/non-US) and > compliance with the RSAREF license (see below). [ ... ] > People who are located outside the USA, and who obtain their crypto > sources from internat.freebsd.org (the International Crypto > Repository), will build a version of OpenSSL which includes RSA, but > does not include IDEA, because the latter is restricted in certain > locations elsewhere in the world. In the future a more flexible > identification system may allow building of IDEA in countries for > which it is not restricted. > > US USERS: ^^ (and others follow throughout the remainder of the doc) -- Keith Ward N5OOD kward@Panther.net ...!rwsys!rowdy!kward =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I don't suffer from insanity, I enjoy every minute of it. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message