Re: LYNX-DEV https/ssl question

[tzeruch]

On Tue, 13 May 1997, Laura Eaves wrote:

> * I tried using edssl instead of eassl because the description on Subir's
>   patches page says that eassl is "the proxy itself" and edssl is the "whole
>   kaboodle (lynx netscape server ...)" whatever that means.
>   Actually I downloaded both.  Edssl only contains a few files, but at least
>   has a detailed README, which eassl doesn't have.
>   So how do I use eassl?

edssl is for multiple users designed to be installed by administrators so
several people can use it (since it forks a process for each connection).

eassl is a single-threaded version.  It does work if you aren't root, but
I derived it by hacking edssl and failed to further userize it.

I also have an lxprox.c or some such that is a minimalist version.

You have to install SSLeay (and set the paths) to /home/you/ssl or
something similar, and mod the eassl code similarly, but I have run it
(and edssl) as an ordinary user.  In the latter case, I can specify the
conf file on the command line, and put paths to local directories there.

>   But I don't understnad government regulations any better than I understand
>   encryption at this point.  If anyone can clarify either or both, feel free
>   to respond.  Otherwise, delete this message.

It is why I don't post updates directly to the net.  It is now EAR out of
the commerce department, but the rules haven't really changed.  Even if I
tweak eassl to link locally, it isn't going to be posted unless something
happens.

Basically:

Strong encryption technology is considered a "munition" since it has
military value (like the enigma machine to the germans).

Depending on the phase of the moon, it does or does not include books
describing algorithms, floppies, hardcopy, articles, etc. of actual
crypto.

Along with that, anything with "hooks" to crypto is considered the same as
crypto (which is where my proxies and Fote's overlay come in).

Placing anything on a public FTP site (that doesn't verify return site and
do things like rotate directories) is equivalent to exporting.

Public Domain code appears to be exempt, but is in a different part of the
regulations.  Hardcopy appears to be exempt (if it is not barcode, but
readable).  But this is more contradictory language (page X says crypto is
not exportable, but Y says PD is exportable).

Much of this would not hold up with a court challenge (e.g. the Bernstein
case).  See the gold-key campaign link on www.mich.com/~thomas/ftp for
more info.  Rep Goodlatte (R-VA) has the SAFE bill in the house and Conrad
Burns (R-MT) has the ProCode bill in the Senate trying to repeal the regs.

Check out www.eff.org, www.cdt.org, privacy.org and the crypto sites from
there.


;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;