Re: restructuring mod_ssl as an overlay

[TOKILEY]

> Roy wrote... > > The sane solution would be to convince the US government to remove > encryption from the export control list, since that regulation has > been totally ineffective.  That is not likely to happen during this > administration, though, and I don't think the ASF is allowed to > lobby for it directly.   Not going to happen in our lifetimes.   Since World War II, when modern cryptography/encryption/decryption turned out to be the deciding factor in the conflict itself, it's all been classified as 'muntions' right along with firearms and explosives and, as such, is ( now ) under the jurisdiction of the ATF ( Bureau of Alchohol, Tobacco and Firearms. )   It isn't just a State Department policy thing.   Any change in the policy would involve tons of government agencies, not just one.   > Roy also wrote... > > If anyone can think of another option, I'd like to hear it before > proposing a vote.   Here's another option before doing anything drastic...   ...get a professional opinion.   Roy... you have done fantastic research but I am seeing a lot of 'assumptions' in all the postings. ( Yours and others ). This isn't really something to get into with any 'assumptions'. You should be SURE that any changes are going to gey you ( ASF ) where you want to be.   Hypotheticals are fun but they don't get the horses into the barn.   Here is just one example from the postings... but an important one...   > The mere presence of mod_ssl source code appears to be sufficient to > make the product as a whole covered by 5D002 export controls   --keyword=appears   Does it, or doesn't it?   mod_ssl is just a module. It doesn't do squat unless the OTHER ( Non ASF ) product is included in the compile. It's just a bunch of hooks into someone else's product. Are you SURE mod_ssl alone puts ASF into a 'danger zone' at all?   Another example would be the early posting where the (little) crypto that IS included in Apache was shrugged off as 'insignificant'. ( MD5, SHA, Hashes, whatever ).   Well... maybe that's a reverse case where ASF is assuming that isn't a problem but might, in fact, cause someone who doesn't really, really understand these things ( like some Justice Department lawyer ) some consternation.   Best bet is for ASF to actually get a RULING on the technology from the State Department or whoever it is that would prosecute down the road if their 'assumptions' don' t match your 'assumptions'.   Get it from the horse's mouth.   Get it in writing.   You could pay tons of lawyers to look into this and they could all still turn out to be wrong. The only people who know what will satisfy them are the people who would prosecute a violation.   ATF? They have jurisdiction for prosecution. Maybe they are the ones who can supply the rulings.   You asked for additional options before going to vote.   That's my 'additional option'.   Wait... and find out the exact nature of the problem and then be SURE the changes provide the proper solution ( if there even is a problem in the first place ).   Yours... Kevin