You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Brian Behlendorf <br...@hyperreal.com> on 1995/11/15 00:00:34 UTC

Removal of PEM from Apache (fwd)

keep this private to new-httpd for now.

I talked with her on the phone - here's the scoop.  They need someone (I have
volunteered for now, but if there's someone who feels more qualified perhaps
we can work on this together) from the Apache project to write up an
explanation of why we removed the PEM code from the Apache code.  I would
*presume* they are also talking to the folks at NCSA - Beth?  Brandon?  I am
basically going to state that we removed it at the *suggestion* of NCSA after
they were contacted on this matter, and since we're a loose group of
volunteers working on this in our spare time we removed it rather than run
the risk of entanglement with the government.  I will also mention that it
severely restricts some of the more commercial applications we would like to
build, like the SSL functionality. 

Any objections, comments, etc?

	Brian


---------- Forwarded message ----------
Date: Tue, 14 Nov 1995 15:11:17 -0800
From: Cindy Cohn <Ci...@McGlashan.com>
To: brian@hyperreal.com
Cc: mer0@steefel.attmail.com, tien@well.sf.ca.us
Subject: Removal of PEM from Apache

Hello,

I am the lead attorney on a federal case called Bernstein v. Department of
State,  being brought with the assistance of the Electronic Frontier
Foundation to challenge the ITAR restrictions on the export of cryptographic
information.   You can read more about the case at http://www.eff.org in
their Alerts section.  

 In response to our case, the government attorneys have maintained to the
court that they are only  interested in controlling "software which can
function to encrypt."  They have asserted to the court that they do not
otherwise restrict export or attempt to chill the use of  encryption
techniques, which they admit are legal in the US. 

We would like to inform the Judge of the truth, that even those who do not
themselves offer cryptography are being asked to change their sites to make
it more difficult for others to use and acquire cryptographic information.
Would you be willing to sign a short Declaration describing your experience
with the NSA and State Department, including the representations which they
made to you about the scope of the ITAR, the timeline of these facts, a
description of what they asked you to do,  and your decisionmaking process?
We would submit it along with declaration from others to contradict the
government's misrepresentations of its processes.   

If you would like to discuss this further, please contact me at (415)
341-2585.  

Thanks for your consideration,

Cindy A. Cohn



************************
Cindy A. Cohn (Cindy@McGlashan.com)
McGlashan & Sarrail, Professional Corporation
177 Bovet Road, 6th Floor
San Mateo, CA  94402
(415) 341-2585 (tel)
(415)341-1395 (fax)