On Sun, Oct 15, 2000 at 01:16:34AM -0400, E. Jay Berkenbilt wrote:
>
> [I'm not currently subscribed to this list, so please cc me on responses.]
>
> After about September 20, the RSA patent has expired in the USA.
> Also, earlier this year, the USA finally relaxed its export laws
> concerning encryption software. (There are still some places where
> you can't export encryption, but it's not nearly as bad as it once
> was.)
Actually, it's not much of a change legally.
Clinton signed an Executive Order. This is not a change in law, just a
change in how the government will interpret the law until they see a
reason to change their mind. (And because it's not a revocation of the
law, if/when they change their mind, any exports done during the current
reading of the law would be re-evaluated for their legal status. So,
yes, what you're told is 'legal' today you can be convicted for
tomorrow.)
Crypto belongs in non-US until the US Government changes the law.
> With this change, there have been a number of positive developments in
> the open-source world. For example, gnupg 1.0.3 now supports RSA.
> Also, RedHat 7.0 includes stunnel, openssl, openssh, apache's mod_ssl,
> an ssl-aware smbclient, and perhaps other software that uses the RSA
> algorithm, and since 6.2, Kerberos, gnupg, and the 128-bit version of
> Netscape have been included.
>
> As far as I can tell, Debian has not moved any of these things out of
> non-free/non-US even for the unstable distribution. Are there plans
> to do this? If not, why not? I'd be grateful if someone could shed
> some light on this issue.
None of the above are in non-free, excepting Netscape, which won't be
moved until Netscape release source to it. (Mozilla is partial source
to Netscape 6, but even that's not -full- source.)
The Netscape 4.75 debs are 128 bit.
--
CueCat decoder .signature by Larry Wall:
#!/usr/bin/perl -n
printf "Serial: %s Type: %s Code: %s\n", map { tr/a-zA-Z0-9+-/ -_/; $_ = unpack
'u', chr(32 + length()*3/4) . $_; s/\0+$//; $_ ^= "C" x length; } /\.([^.]+)/g;
