Re: gnupg, openssh post RSA patent/US encryption export laws

To: debian-user@lists.debian.org
Subject: Re: gnupg, openssh post RSA patent/US encryption export laws
From: brian moore <bem@cmc.net>
Date: Sat, 14 Oct 2000 23:04:19 -0700
Message-id: <20001014230419.C20495@cmc.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <200010150516.BAA01503@soup.ql.org>; from ejb@ql.org on Sun, Oct 15, 2000 at 01:16:34AM -0400
References: <200010150516.BAA01503@soup.ql.org>

On Sun, Oct 15, 2000 at 01:16:34AM -0400, E. Jay Berkenbilt wrote:
> 
> [I'm not currently subscribed to this list, so please cc me on responses.]
> 
> After about September 20, the RSA patent has expired in the USA.
> Also, earlier this year, the USA finally relaxed its export laws
> concerning encryption software.  (There are still some places where
> you can't export encryption, but it's not nearly as bad as it once
> was.)

Actually, it's not much of a change legally.

Clinton signed an Executive Order.  This is not a change in law, just a
change in how the government will interpret the law until they see a
reason to change their mind.  (And because it's not a revocation of the
law, if/when they change their mind, any exports done during the current
reading of the law would be re-evaluated for their legal status.  So,
yes, what you're told is 'legal' today you can be convicted for
tomorrow.)

Crypto belongs in non-US until the US Government changes the law.

> With this change, there have been a number of positive developments in
> the open-source world.  For example, gnupg 1.0.3 now supports RSA.
> Also, RedHat 7.0 includes stunnel, openssl, openssh, apache's mod_ssl,
> an ssl-aware smbclient, and perhaps other software that uses the RSA
> algorithm, and since 6.2, Kerberos, gnupg, and the 128-bit version of
> Netscape have been included.
> 
> As far as I can tell, Debian has not moved any of these things out of
> non-free/non-US even for the unstable distribution.  Are there plans
> to do this?  If not, why not?  I'd be grateful if someone could shed
> some light on this issue.

None of the above are in non-free, excepting Netscape, which won't be
moved until Netscape release source to it.  (Mozilla is partial source
to Netscape 6, but even that's not -full- source.)

The Netscape 4.75 debs are 128 bit.

-- 
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;

Reply to:

Follow-Ups:
- Re: gnupg, openssh post RSA patent/US encryption export laws
  - From: "Eric G . Miller" <egm2@jps.net>

References:
- gnupg, openssh post RSA patent/US encryption export laws
  - From: "E. Jay Berkenbilt" <ejb@ql.org>

Prev by Date: gnupg, openssh post RSA patent/US encryption export laws
Next by Date: [OOT] Re: SPAM - [ERROR!!!] (TO ALL NEWSGROUP MEMBERS)
Previous by thread: gnupg, openssh post RSA patent/US encryption export laws
Next by thread: Re: gnupg, openssh post RSA patent/US encryption export laws
Index(es):
- Date
- Thread