Re: Discussion - Proposed Constitution - voting part 2
On Sun, Sep 27, 1998 at 09:29:21AM -0700, Darren Benham wrote:
> What do the French do now since they have to sign their packages...??? AFAIK,
> it's ok to use the encryption for authentication purposes... Otherwise, we'll
> have to (try) to implement something similar to what Debian does for the
> packages (if anyone can tell me)
> On 27-Sep-98 Davide G. M. Salvetti wrote:
> > ***** DB => Darren Benham
> > DB> I've set the system up so that PGP can (and I prefer...) be
> > DB> used... Infact, it WILL be turned on for the constitutional vote
> > DB> unless someone from on high tells me not to.
> > How about French people, who AFAIK aren't permitted to sign by law?
> > I don't remember if we have French developers, but I'd bet we do.
actually, it seems that the law says that i can use encriptyon for signing, but that the people selling/giving/providing me the encryption program should make some formalities to be able to provide the package.
also it is possible to use encryption packages with keys less than 40bits, or with bigger keys but with someone holding the uncrypting one, but again the provider should make more complicated formalities.
the problem is that pgp, and most crypto packages provided by debian can make both signature and encypting, so i don't think it would get the authorization.
what would be nice is a downgraded version of pgp or some other crypting package that would only do crypting and that debian makes the simplified declaration for it.
Alternatively we could ask for an authorization to use a less than 40bits version, or even a stronger version with sequestred public key.
Check http://www.telecom.gouv.fr/francais/activ/techno/crypto0698_5.htm for more information.