RE: Legal Inclusion of mod_ssl in the Standard Distribution of 1

[Philip Gwyn <li...@artware.qc.ca>]

On 07-May-99 Eli Marmor wrote:
> (I am not subscribed to neither mod_ssl list nor new-httpd lists, so
> please CC me to any reply. In addition, I'm afraid this message will
> be refused by these lists (some lists are closed for external
> posters to avoid spamming); In such a case, please forward this
> message to the lists).
> 
> Following the new rule regarding to inclusion of encryption code in
> an Open-Source packages (which you can read about in zillion places
> like:
> http://www.news.com/News/Item/0,4,36217,00.html?tag=st.cn.1fd1.newstkr.ne
> and others), I propose the following:
> 
> While Apache rules the web servers field, with about 60% (including
> its derivatives), and no rivals (IIS has only 24%, Netscape is close
> to zero), its presence is much weaker in the field of secure web
> servers, including sites of e-commerce, etc. IMHO, one of the
> reasons for this situation is that for newbies it is very hard to
> install SSL for Apache, while in the "competitors" it is already
> integrated. Contrary to other modules, this module is not part of
> the standard distribution of Apache, because of legal issues.
> 
> Now, that these legal issues disappear, Apache has a great
> opportunity to change the picture. I don't know what is going with
> Apache 1.3.7 (where have the STATUS reports gone?), but I think it
> may be a real revolution if mod_ssl can be included with the
> standard distribution. It will remove one of the two areas where
> Apache loses in comparisons (the other is the friendliness), and
> will not only help Apache to gain a domination in the secure web
> servers field, but also will strengthen its existing domination in
> the field non secure web servers.

The legal issues haven't disapeared.  Quoting from the article you cite :

"As a practical matter, the government is not enjoined from applying its
regulations--except to Bernstein. [...]" she [Cindy Cohn] added. 

What this means : as of now, the US government isn't allowed to prevent
Bernstein from publishing and exporting Snuffle but is allowed to prevent
others from doing so.

If the US government doesn't apeal to the supreme court (and it would
be very suprising if they don't) then the ruling will apply to everyone. 
However, if the US government does appeal, the rest of americans have
to wait for that case to be settled (another 2-3 years) before the crypto-laws
are truely done away with.

While the descion is very important, it's not the end of the battle yet.  It
will be a very good tool to help the adoption of the SAFE Act and similar
mesures.

And don't forget that the 9th district is the most over turned court in the US.

Don't forget that Apache's market is much larger then the USA.  If apache
included mod_ssl in the standard dist, you would not be allowed to use in
France, where they've banned all forms of encryption.

Oh!  And IANAL :)

-Philip