[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian-non-US mirrors (was Re: debmake)



Here's a good site for Canadian crypto stuff:

http://fractal.mta.ca/crypto/

> In fact, as far as pgp goes, Canadians are supposed to use the us
> version of pgp (which uses rsaref) as Canada respects the RSA
> patent.

I keep hearing conflicting views on this - and I haven't seen anything
definitive.  The SSLEAY stuff I read seems to say that it is OK to
use it in Canada (and everywhere else but the U.S.), but it must be
linked with rsaref in the U.S.  Most of the information I've seen
says that the RSA patent is only valid in the U.S.

Anyways, the Canadian policies are quite loose (and they specifically
exempt free software) - so I don't see any problems.  Also, "privacy"
has been more of a political issue in Canada than other places, for
example, we have a privacy commisioner.  

Plus, we have many large, politically savvy networking/software companies 
based in Ottawa (NorTel, Newbridge, Gandalf, Corel, etc.).   All have a 
stake in cryptography either indirectly or directly (ie. Entrust).  And 
these companies, plus the telecom companies, form a much larger part of 
the Canadian economy than the military/intelligence sector (who have
no political clout at all following the Somalia debacle).

In the U.S., it's different - the software industry is huge, but it
developed by itself, far away from Washington, DC.  As a result, it
doesn't have voice, compared to the cronyism of the "military-industrial
complex".  So I'm pretty sure that U.S. crypto policy isn't going
to change radically, until it is thrown out by the Supreme Court,
or it becomes clear to those in charge that they don't have the
slightest chance of winning the global "crypto-war".  Unfortunately,
Microsoft and Netscape are U.S. companies, so the U.S. administration
still believes that it can exert control over the worldwide use of crypto.

But they can't bully around people from other countries, so the whole 
U.S. policy is doomed to fail.  Free Software has a large role to
play in killing off this policy.  It's sort of cool being on
the "front lines" of a war where nobody gets hurt.  :-)

BTW, I've almost got the rc5-bovine package done - I only need to
modify the "lwatchd" program to properly log output on stderr.
Hopefully I'll release it today or tomorrow.

Cheers,

 - Jim





Attachment: pgpDY3BqtmoJZ.pgp
Description: PGP signature


Reply to: