[Previous] [Next] [Index]
[Thread]
Re: Public httpd servers that support encryption
On Wed, 8 Nov 1995, Andrew Cameron wrote:
> I have been told that one can be found at
> ftp.psy.uq.oz.au/pub/Crypto/SSL/ and
> ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
>
> -----------------------------------------------------------------------------
>
> Andrew Cameron
> Internet : andrew@andy.alt.za
> X.400 : C=ZA G=Andrew S=Cameron Admd=TELKOM400
>
> ----------------------------------------------------------------------------
Andrew,
Thanks. I read that post too, with great interest. I was actually quite
glad to see your origional post. Because, just maybe...
Anyway, have you had the time to check it out yet?
I have. It looks quite promising.
Obviously (from the path info) it's an SSL Implementation.
Well, here's what I came away with:
It is VERY new and quite ALPHA though the docs say it's beta.
It is written by an individual, not a group.
Combine these facts, and it is probably still quite buggy.
What it appears to be:
It is actually a set of libraries and programs that support SLL...
or rather a "raw" SSL implementation that can be used to develop
actual SSL applications. These are in the .../SSL/ subdirectory.
In the .../SSLapps/ subdirectory is a set of example apps and/or patches
that utilize the above libraries. Among these are patches for NCSA's
httpd versions 1.2 and 1.4.
The problems (legal) at least in the US:
Be sure to read the file, RAMBLINGS. I think it's in the .../SSL/
subdirectory. It gives a pretty detailed explanation of the dubious
legal status and possible implications of this code in the US and
some other similarly fascist countries that have a choke-hold on
cryptographic sciences in their respective domains (pun intended).
COMMERCIAL: "One for the Gipper"
The US governmental policies on the exporting of cryptographic code are
overly restrictive, futile, rediculous and almost as antiquated as...
the need for an electoral college in order to enable a national election!?
They are pure ant-freedom, serving only to allow the government to harangue
normal citizens like Phil Zimmerman (author of PGP) as though they were
criminals while maintaining nearly unbreachable monopolies for companies
like PKP and RSA who make a fortune off of the life work of men like
Whitfield Diffie (inventor of Public Key Cryptography) and others who's
financial gains from their own work are comparatively insignificant, whom
would be prosecuted as criminals if they sent a copy of their work to
a friend or relative in another country.
<Step down from the soap box now>
Basically, mind your Ps & Qs if you want to play with this one. However,
you may be totally in the clear. I noticed that your internet and x.400
addresses indicate that your country is "ZA". I don't know what country
that is, but depending on the laws there, you may have nothing to worry
about.
Upshot:
I think it's great! I hope it makes it through the coming storm. The
package is eponymously named SSLeay for it's author Eric Young. Email:
eay@mincom.oz.au
+-----------------------------------+
| +-------------------------------+ |
| | Kyle Amon | |
| +-------------------------------+ |
| | sfbzb1pu@scfn.thpl.lib.fl.us | |
| | amonk@delphi.com | |
| | amonk@cyberspace.org | |
| | amonk@freenet.scri.fsu.edu | |
| +-------------------------------+ |
+-----------------------------------+
Disclaimer: Any opinions which may be eroneously infered from
forgoing text were not actually implied.
Follow-Ups:
References: