You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Elizabeth Frank <ef...@ncsa.uiuc.edu> on 1995/05/18 18:59:53 UTC
export restrictions & mirroring Apache at NCSA
Good News: We have receive permission to mirror the Apache
release on our ftp server. We'll probably only have the
most recent (or most recent 2) release(s) available to keep
the space used down.
Bad News: The NSA (for the state department) has declared release
1.4 and all previous releases in violation of the cryptography
export restrictions (cryptography is covered under the arms
trafficing restrictions). NCSA cordially requests that you
remove and copies of those releases from your ftp server unless
you restrict distribution to the USA and Canada. Furthermore,
any code you have developed based on those releases must either
have the PGP/PEM hooks removed, be licensed through the state
department for export on a per user basis, or made available
only in the USA and Canadian.
Release 1.4.1 (now available on our ftp site under
ftp://ftp.ncsa.uiuc.edu/Web/httpd/Unix/ncsa_httpd/httpd_1.4)
has the PGP/PEM hooks removed. We are working on setting
up a USA/Canada restricted server which will provide access
to the export restricted versions of 1.5 which will contain
the PGP/PEM hooks. There will also be unrestricted versions
of 1.5 which will not support bulk encryption, but will support
multiple flavors of authentication.
Sincerely,
Elizabeth Frank
NCSA httpd Development Team
efrank@ncsa.uiuc.edu
Re: export restrictions & mirroring Apache at NCSA
Posted by Rob McCool <ro...@netscape.com>.
/*
* "Re: export restrictions & mirroring Apache at NCSA" by Rob Hartill
* written Thu, 18 May 95 11:39:29 MDT
*
* Pfffft. Sounds like they've gone overboard on that. The hooks don't
* do any encryption/decryption so what's there problem ?
It's enough just to have the hooks in there, e.g. if it was to have
hooks that could be used to plug BSAFE into it, then that would be a
problem.
At the time, I did a little (not much) checking into it, and there
were other programs like MUAs that had hooks for calling PEM or PGP as
external programs, so I thought it was okay. Guess they changed their
mind. Does this make me an arms dealer?
* Someone here suggested the hooks be converted into a gerneral
* purpose "filter hooks"... that'd take care of those morons at the
* NSA.
*/
Yeah, you could use it for compression or something.
--Rob