Re: OpenSSL usage liability.

K Wed, 17 Nov 1999 06:56:32 -0800
thank you geoff, that was enlightening.

what about the fact that we are a swiss company? we remotely admin our boxes
and so obviously we will send this 'tool' to our server from switzerland. is
that legal? (i think it might be because i thought i heard somewhere it was
ok to send crypto tools TO the US, just not export to the rest of the world
FROM the US.) ideas? clue?

thanks!


----- Original Message -----
From: Geoff Thorpe <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 17, 1999 5:05 AM
Subject: RE: OpenSSL usage liability.


> Hi there,
>
> On Wed, 17 Nov 1999 [EMAIL PROTECTED] wrote:
>
> > > Will the US
> > > gov. bust us
> > > since encrypted communications will be going across it's
> > > borders?
> >
> > No, as long as you use exportable ciphersuites (see one of the
> > apendixes of the SSL spec for a list of those). That is, you limit the
> > length of your symmetric key to what is it now? 56 bit?
>
> The strength of the cryptography being *used* across the border should not
> matter. Someone in the US can talk to my webserver at 128-bit crypto (and
> vice versa) if they want and are not guilty of exporting crypto. If they
> try to send me a 128-bit *tool* with which to conduct such transmissions
> then they do have a problem.
>
> The use of crypto is not the problem with the US (although it was/is in
> France and may be in other places too) ... it's the distribution of the
> tools with which to perform the crypto that is the sticking point.
>
> NB: I reserve the right to be wrong. :-)
>
> Cheers,
> Geoff
>
>
> ----------------------------------------------------------------------
> Geoff Thorpe                                    Email: [EMAIL PROTECTED]
> Cryptographic Software Engineer, C2Net Europe    http://www.int.c2.net
> ----------------------------------------------------------------------
> May I just take this opportunity to say that of all the people I have
> EVER emailed, you are definitely one of them.
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Re: OpenSSL usage liability.

Reply via email to
