Re: gnupg, openssh post RSA patent/US encryption export laws

To: debian-user@lists.debian.org
Cc: "E. Jay Berkenbilt" <ejb@ql.org>
Subject: Re: gnupg, openssh post RSA patent/US encryption export laws
From: cjw44@flatline.org.uk (Colin Watson)
Date: Sun, 15 Oct 2000 12:45:13 +0100
Message-id: <E13kmE5-0003sD-00@riva.ucam.org>
In-reply-to: <200010150516.BAA01503@soup.ql.org>
References: <200010150516.BAA01503@soup.ql.org>

"E. Jay Berkenbilt" <ejb@ql.org> wrote:
>[I'm not currently subscribed to this list, so please cc me on responses.]

Done.

>After about September 20, the RSA patent has expired in the USA.
>Also, earlier this year, the USA finally relaxed its export laws
>concerning encryption software.  (There are still some places where
>you can't export encryption, but it's not nearly as bad as it once
>was.)
>
>With this change, there have been a number of positive developments in
>the open-source world.  For example, gnupg 1.0.3 now supports RSA.
>Also, RedHat 7.0 includes stunnel, openssl, openssh, apache's mod_ssl,
>an ssl-aware smbclient, and perhaps other software that uses the RSA
>algorithm, and since 6.2, Kerberos, gnupg, and the 128-bit version of
>Netscape have been included.
>
>As far as I can tell, Debian has not moved any of these things out of
>non-free/non-US even for the unstable distribution.

gnupg recently (1 October) included RSA and replaced the non-free
module. Netscape has had 128-bit encryption since 29 May, and that
version is in the stable release. ssh's RSA modules are still in
non-US/non-free as far as I know; a bug should probably be filed. Is it
much of a problem? I understood that there were equally good, if not
better, free alternatives ...

With respect to non-US, there has been some discussion about this, but
it's expired from my news server and I don't feel like going to look it
up. :) IIRC it wasn't quite clear what to do; is Debian happy with
registering all its encryption code, for instance (as I seem to remember
the new regulations require, but correct me if I'm wrong)? Also, I don't
know how much it would matter. The biggest problem with non-US is that
US developers can't work on it, which is certainly not good, but it
doesn't impact users directly as US and non-US users alike can download
from non-US.

Of course, the more that can be moved into main, the better. Have a look
through the debian-devel and debian-policy archives (possibly
debian-project too) from a few months ago at
<URL:http://lists.debian.org/>. debian-user tends mostly to be
question-and-answer, while discussion about work on Debian is more
likely to happen on the developer-oriented mailing lists.

>For what it's worth, I'm brand new to Debian (just trying it this
>weekend for the first time) but I've been using Linux since 1992 and
>UNIX in general since 1987,

In that case, welcome to Debian!

-- 
Colin Watson                                     [cjw44@flatline.org.uk]

Reply to:

Follow-Ups:
- Re: gnupg, openssh post RSA patent/US encryption export laws
  - From: "Paul D. Smith" <pausmith@nortelnetworks.com>

References:
- gnupg, openssh post RSA patent/US encryption export laws
  - From: "E. Jay Berkenbilt" <ejb@ql.org>

Prev by Date: What windows ssh client you use?
Next by Date: Re: gnupg, openssh post RSA patent/US encryption export laws
Previous by thread: Re: gnupg, openssh post RSA patent/US encryption export laws
Next by thread: Re: gnupg, openssh post RSA patent/US encryption export laws
Index(es):
- Date
- Thread