Peter Xiao wrote:
--------------
Hi,I have a question regarding the following situation.
In the US, using strong cryptography is regulated. However, there are
certain situations under which you can use strong cryptography and the
export licenses are approved on the per case basis. I know the base
Apache package does not have SSL and hence exportable. Also, I know
mod_ssl is using strong cryptograhy and is easy to be integrated into
the base Apache to enable SSL. Now, assume I build an application based
on the base Apache server. Can I export my application? My concern is
that people outside of US can EASILY plug-in SSL using mod_ssl. Can
anyone give some help or comments on this??Thanks in advance!Peter
---------------
Peter,
The answer to your question depends largely on the nature of your
application. If your application requires mod_ssl to be installed, if your
application does any checks for mod_ssl, if your applications behaves any
differently depending on whether https (or any other crypto) is available,
then the answer is most likely that it can not be exported.
If however your application does not do any of the above and is written to
be unaware of any third-party cryptographic additions to Apache, then your
application is exportable. If this was not the case, then Apache itself
would not be exportable.
While it is true that somebody can easily add SSL capabilities to Apache
(and thereby perhaps to your application), this is not your problem. One can
add SSL to just about any application that uses TCP on predefined ports.
[IANAL, but I have worked for many years in the mine field of US crypto
export regulations. Also please note that I read your question over the web
and am not subscribed to this list. Please cc: me on any follow-ups].
Thanks,
--Lucky Green <[EMAIL PROTECTED]>
PGP 5.x encrypted email preferred
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
