On Thu, May 28, 1998 at 02:10:30AM -0400, John Kloss wrote:

Your name seems familiar to me from the days when I used DOS to access the
net more frequently than anything else.  Admittedly that was long ago so I
could be wrong.


> so I'm thinking about hosting a web site to do e-commerce (selling disk
> and database space to some local stores who want on-line catalogs). so I
> figure that they would probably want SSL for credit card stuff. since I'm
> in the US I can't just compile in SSLeay to apache without copyright
> violation to RSA, etc. (so says the apache web site) I was thinking about
> Stronghold. I went to their site and they said it was basically apache
> (I'm assuming 1.2.6 since 1.3 is still beta) with 128bit encryption. They
> have binaries for red hat 5.0 but I want to use debian 2.0 since it's what
> I know and I like it.

There are AFAIK patches available to SSLeay to use RSAREF.  There are also
Apache-ssl Debian packages in non-us which can be IMPORTED to the US, but
not EXPORTED again.  There's also an rsaref package in non-us.

So, get the source packages for all of these things, build a custom SSLeay
with RSAREF linked in, build a custom apache-ssl, and call it good.  Or if
you don't CARE if your apache uses RSAREF since it uses SSLeay which
functions the same with or without it, just grab the apache-ssl binary
package.  I won't tell RSA if you don't.  =>


> anyone had any experience with this? anyone know of another way (other
> than moving out of the US, paying a license fee to RSA and registering a
> digital signature with verisign (or whatever they're called), or waiting
> for congress to get a clue about encryption)? I want to use apache or some
> derivative (because that is also what I know).

Yeah, build the packages yourself.  =p  This is not an ideal solution and
it's really the fault of the Clinton administration and the FBI that it's as
bad as that.  Although the real dog is the RSA patent, I think it's
probably possible to challenge the patent if not for current crypto laws...
