> I perfectly understand that patent laws and other stuff like that
> make disabling mandatory in certain countries, but to what extent?
> Must it really remove all functions, and not only those that actually
> implement the algorithm in question? Unless this philosophy is
> changed, OpenSSL with RSA, DSA or DH disabled won't be able to use
> those algorithms in external crypto devices either. Honestly, that
> sucks badly.

I believe the rationale was that if a string or symbol existed in the
binary that contained the name of a prohibited algorithm then it would
be that much harder to convince someone non-technical that the
algorithm was not in fact being used.

The other reason for doing it the way it is currently done is to
protect against the "crypto-with-a-hole" argument. If some countries
will only approve the export of a software product with a specific set
of algorithms at specific strengths, then they may refuse to export
the software if it allows a hardware (or simulated) device to be
plugged in that provides stronger or different algorithms.

Only the first case has anything to do with the patent issue.

Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]

C-Kermit 7.1 Alpha available
includes Secure Telnet and FTP
using Kerberos, SRP, and
OpenSSL. SSH soon to follow.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]