On 22 July 2016 at 01:31, Tom Lane <t...@sss.pgh.pa.us> wrote:

> David Steele <da...@pgmasters.net> writes:
> > On 7/21/16 12:19 PM, Robert Haas wrote:
> >> On Wed, Jul 20, 2016 at 7:42 PM, Michael Paquier
> >> <michael.paqu...@gmail.com> wrote:
> >>>> People have, in the past, expressed concerns about linking in
> >>>> pgcrypto.  Apparently, in some countries, it's a legal problem.
> >>> Do you have any references? I don't see that as a problem.
> >> I don't have a link to previous discussion handy, but I definitely
> >> recall that it's been discussed.  I don't think that would mean that
> >> libpgcrypto couldn't depend on libpgcommon, but the reverse direction
> >> would make libpgcrypto essentially mandatory which I don't think is a
> >> direction we want to go for both technical and legal reasons.
> > I searched a few different ways and finally came up with this post from
> Tom:
> > https://www.postgresql.org/message-id/11392.1389991...@sss.pgh.pa.us
> > It's the only thing I could find, but thought it might jog something
> > loose for somebody else.
> Way back when, like fifteen years ago, there absolutely were US export
> control restrictions on software containing crypto.  I believe the US has
> figured out that that was silly, but I'm not sure everyplace else has.

Australia has recently enacted laws that are reminiscent of the US's
defunct crypto export control laws, but they add penalties for *teaching*
encryption too. Yup, you can be charged for talking about it. Of course
they'll only actually USE those new powers to Stop The Terrorist Threat,
they promise...


Unless recently amended, they even failed to exclude academic institutions.
I haven't been following it closely because, frankly, it's too ridiculous
to pay much attention to, and I don't work directly with crypto anyway. But
it's far from the only such colossally ignorant and idiotic law floating

Despite the technical frustrations involved, we should keep crypto
implementations in a separate library. I agree with Tom that one-way hashes
are not a practical concern, even if the laws are probably written too
poorly to draw a distinction.

 Craig Ringer                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services

Reply via email to