From owner-freebsd-security Wed Jul 26 09:34:08 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.11/8.6.6) id JAA26765 for security-outgoing; Wed, 26 Jul 1995 09:34:08 -0700 Received: from jli (jli.portland.or.us [199.2.111.1]) by freefall.cdrom.com (8.6.11/8.6.6) with SMTP id JAA26759 for ; Wed, 26 Jul 1995 09:34:05 -0700 Received: from cumulus by jli with uucp (Smail3.1.28.1 #23) id m0sb9OZ-0001bCC; Wed, 26 Jul 95 09:33 PDT Message-Id: To: security@freebsd.org Subject: Re: secure/ changes... References: <199507261107.EAA08554@tale.frihet.com> In-reply-to: Your message of Wed, 26 Jul 1995 04:07:18 PDT. <199507261107.EAA08554@tale.frihet.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1882.806776359.1@cloud.rain.com> Date: Wed, 26 Jul 1995 09:32:39 -0700 From: Bill Trost Sender: security-owner@freebsd.org Precedence: bulk Part of what may be causing people to worry about importing encryption software is that some of it is illegal to *use* (and probably import) in the United States. In particular, the international versions of PGP contain their own implementation of RSA, so any use of those versions of PGP are violations of PKP's patents on the algorithm. Keep this in mind when planning what software to import. Both RSA and Diffie-Hell?man are covered by patents (although the latter expires in 1997). In general, though, keeping sources for secure software outside the United States is an *excellent* idea. After all, if you comparison shop for stereos, why not governments as well?