From owner-freebsd-hackers  Thu Dec 11 11:42:44 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id LAA08773
          for hackers-outgoing; Thu, 11 Dec 1997 11:42:44 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA08761
          for <hackers@FreeBSD.ORG>; Thu, 11 Dec 1997 11:42:39 -0800 (PST)
          (envelope-from marcs@znep.com)
Received: from znep.com (uucp@localhost)
	by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id MAA13588;
	Thu, 11 Dec 1997 12:42:35 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id MAA07993; Thu, 11 Dec 1997 12:41:43 -0700 (MST)
Date: Thu, 11 Dec 1997 12:41:43 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
To: Charles Mott <cmott@srv.net>
cc: hackers <hackers@FreeBSD.ORG>
Subject: Re: FW: Why so many steps to build new kernel?
In-Reply-To: <Pine.BSF.3.96.971210201353.26388A-100000@darkstar.home>
Message-ID: <Pine.BSF.3.95.971211123824.7057F-100000@alive.znep.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 10 Dec 1997, Charles Mott wrote:

> > > I certainly wouldn't want anything like kernel configs or sysadmin
> > > type stuff happening over a standard port like 80 or 8080 with
> > > clear text passwords.  If I could use SSL on some bizzaro
> > > port number, that would be really worth having.  :-)
> > 
> > SSL is troublesome because the fascist US gov't patents basic math and is
> > afraid that allowing people to export technology that the whole world
> > already has will be a security risk. 
> > 
> > The sad truth is that the Internet would be far more secure if the US
> > gov't wasn't so obtuse.
> 
> My understanding is that only commercial web servers support SSL, which I
> am guessing is the name for standard secure link used by MSIE and
> Netscape.  Is it possible that Apache supports SSL?? 

Apache doesn't support it in the base distribution because of export
issues.

http://www.apache-ssl.org/ for patches to make it work with SSLeay; this
is legal to use in the US only for non-commercial purposes.

It can not be done in FreeBSD even if you get around export issues because
of RSA patents.

SSL can be implemented without any other problems.  Well, Netscape is
claiming a patent on it but...

The above talks about SSLv2; SSLv3 can be implemented without using any
algorithms patented within the US.  You still have horrible export issues
though.

> In a more perfect world, we would be using source code available browsers
> that had evolved to use a free, ssh derivative encryption.  Instead we let

Huh?  "ssh derivative encryption" makes no sense.