Hi there,
On Wed, 17 Nov 1999 [EMAIL PROTECTED] wrote:
> > Will the US
> > gov. bust us
> > since encrypted communications will be going across it's
> > borders?
>
> No, as long as you use exportable ciphersuites (see one of the
> apendixes of the SSL spec for a list of those). That is, you limit the
> length of your symmetric key to what is it now? 56 bit?
The strength of the cryptography being *used* across the border should not
matter. Someone in the US can talk to my webserver at 128-bit crypto (and
vice versa) if they want and are not guilty of exporting crypto. If they
try to send me a 128-bit *tool* with which to conduct such transmissions
then they do have a problem.
The use of crypto is not the problem with the US (although it was/is in
France and may be in other places too) ... it's the distribution of the
tools with which to perform the crypto that is the sticking point.
NB: I reserve the right to be wrong. :-)
Cheers,
Geoff
----------------------------------------------------------------------
Geoff Thorpe Email: [EMAIL PROTECTED]
Cryptographic Software Engineer, C2Net Europe http://www.int.c2.net
----------------------------------------------------------------------
May I just take this opportunity to say that of all the people I have
EVER emailed, you are definitely one of them.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
