lynx-dev SSL Again (was: [ no useful subject ] )

[David Woolley]

> Content-Type: text/html; charset=us-ascii

Don't do this on mailing lists.

> Content-Transfer-Encoding: 7bit
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML>
> I&nbsp;was wanting to suggest incorporating secure site access via Lynx.&nbsp;

SGML parser error, no <BODY> (or <HEAD>).

> There are several applications where I'd enjoy being able to use Lynx over
> another browser, but with no support for secure access, it does me no good.

This is a question for your congressman, not for the list.  Distribution of
SSL capable versions of Lynx, which do exist, and I believe are referenced
from the web site, are severely restricted by US criminal and civil law.

The USA is about the only country which permits algorithms to be patented
and SSL uses non-royalty free patented algorithms (SSL itself is patented
by Netscape, but only to stop others patenting it).  It may be used
non-commercially in the USA, royalty free, providing you use RSAREF for the
patented parts, but the GPL under which Lynx is distributed doesn't permit
redistribution of binaries which are restricted to non-commercial use,
so SSL Lynx binaries are non redistributable in the USA.

There are external proxy solutions that avoid the GPL conflict, but still
don't permit commercial use.

There are very few candidate public key encryption algorithms and all are
patented.

It is a felony under US law to export encryption software without an
export licence and no such licence exists for SSL Lynx, and it is unlikely
that a non-commercial product, available as source code, would get such
a licence, even if the encryption were weakened to level allowed for
exportable commercial products.  The author of PGP was under threat of
prosecution, for a long time, on this issue.  Encryption software is 
considered an armament, for export control purposes.