can i recommend that people read http://advogato.org/articles/302.html
okay, forget that: summary-time. basically, adding encyption for the purposes of 'authentication and authorisation' is legal. AS LONG AS it does NOT have a 'generic' interface that would allow it to be used by an inexperienced programmer for the purposes of encrypting user data. and to this end, samba has an implementation of NTLM authentication and NTLMSSP encryption, and password changing, that cannot be used for 'generic data' encryption purposes, and it IS legal. luke On Sat, Jul 14, 2001 at 11:05:12AM -0700, Justin Erenkrantz wrote: > On Sat, Jul 14, 2001 at 12:53:09PM -0500, William A. Rowe, Jr. wrote: > > You can tell I read oldest->newest :-) > > > > I'm pretty sure I have an older ufc-crypt under a freebsd license, I'll > > have to > > look about. ITMT, I really believe that the SSL library (which nearly > > everyone > > would link in) is probably a better choice, since OpenSSL has the des > > methods. > > > > Does that sound 'saner' to everyone ... using OpenSSL which we will be using > > within Apache (and other foos: daemons or clients) anyways? > > I think we talked about that before and the crypto restrictions on > OpenSSL scared some people. -- justin
