[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV SSL for Lynx 2.8
|
From: |
David Woolley |
|
Subject: |
Re: LYNX-DEV SSL for Lynx 2.8 |
|
Date: |
Mon, 9 Mar 1998 08:59:00 +0000 (GMT) |
> offended.) With SSL, they can't. It's as simple as that.
No its not. The level of SSL that could legally be exported to the UK
(any Lynx SSL can't legally be exported from the USA, though) until quite
recently cost something like US$10 to US$100 in machine time to break.
The 56 bit level may put the cost above most credit card limits for a
few more years, but not indefinitely. The 128 bit level will eventually
be breakable at a reasonable cost.
It's also probably true that SSL owes more to commercial hype than
real threat; the real threat to credit cards is probably from corrupt
employees at the destination site, and of course conventional frauds
like double swiping the physical card.
> Adding SSL support to the Lynx executable doesn't break anything. It's a
It breaks the distributability of the binary code (see the GPL - there
are patent royalties involved and export controls) and I would argue the
source code. Some people have argued that it *might* be legal to distribute
the binary completely outside of the USA, or even (although I would strongly
disagree with this) to create it outside the USA, store it outside the USA
and distribute it to end users, who have no intention of redistributing,
who are within the USA. (Distribution of the source is more complicated
because, whereas the binary is covered by explicit GPL clauses on patents,
the source need not contain RSA and it is therefore export controls that
matter, and the GPL doesn't explicitly mention these, although they might
be considered similar in effect to patents.)
It is illegal under the RSA patents to use Lynx+SSL for commercial purposes
in the USA (this definitely includes use by a business, but probably
technically includes use by an individual for a commercial transaction, as
is inevitably the case for a credit card sale - it seems unlikely that
an action would be brought against the user as the legal costs would
far outweigh any damages that might be obtained, and there would probably
be adverse publicity).
> win/win situation - nobody gets shafted!. (Except you need to build
> SSLeay, which can turn in to a big pain for novices and even experts.)
- LYNX-DEV SSL for Lynx 2.8, Mark Mentovai, 1998/03/08
- Re: LYNX-DEV SSL for Lynx 2.8, Wayne Buttles, 1998/03/08
- Re: LYNX-DEV SSL for Lynx 2.8, Mark Mentovai, 1998/03/08
- LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, Matt Ackeret, 1998/03/08
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, Mark Mentovai, 1998/03/08
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, William Fulmor, 1998/03/08
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, David Woolley, 1998/03/15
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, William Fulmor, 1998/03/15
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, David Woolley, 1998/03/17
- Re: LYNX-DEV Do SureTrade, e.Schwab, or Wells Fargo Online work with SSL?, Jonathan Bobin, 1998/03/09
- Re: LYNX-DEV SSL for Lynx 2.8,
David Woolley <=
Re: LYNX-DEV SSL for Lynx 2.8, T.E.Dickey, 1998/03/08
Re: LYNX-DEV SSL for Lynx 2.8, T.E.Dickey, 1998/03/08
Re: LYNX-DEV SSL for Lynx 2.8, David Woolley, 1998/03/11