Leah Abad queried the List:
>Does anyone had experience with RSA's BSAFE SSL-C toolkit? I saw something
>that said that the APIs are the same as with SSLeay (the predecessor to
>OpenSSL)....
Eric A. Young, the EAY of SSLeay, and his partner, Tim Hudson
(SSLapps), last year withdrew from their previous association with C2 and
accepted an offer from the US-based RSA Security to establish and lead an
independent crypto development lab in Brisbane, Australia.
See RSA-Australia: <http://www.rsasecurity.com.au/>
Eric, now CTO of RSA-Australia, rewrote enough of SSLeay to justify
to both the US and the Australian government authorities that it was wholly
and provably based on non-American sources. That allowed RSA-Australia (and
RSAS) to get permission from both governments to let RSA-Australia ship the
rewrite as RSA BSAFE SSL-C in the international crypto market -- effectively
escaping the draconian Yankee crypto export regs to operate under the
relatively liberal (although still Wassenaar-based) Aussie export controls.
The RSA lab in Brisbane operates with a regulator-imposed "glass
wall" between the RSA crypto engineers in Australia and the US -- but it
claims the advantage of the QA, R&D, documentation, and OEM
product-integration infrastructure that RSADSI had developed over two
decades. (I've been a consultant to RSA's parent firm, Security Dynamics --
now renamed RSA Security, Inc. -- for many years, so I am admittedly biased
in this area. Flames are always welcome. My kids read them and grade them;-)
Eric and Tim now lead an RSA development team that has continued to
enhance SSL-C in interesting ways -- but they have kept the SSL-C API almost
identical to what Eric originally designed for SSLeay.
SSL-C from the RSA/SSLeay team has been a boon to RSAS, which had
previously been effectively barred from the international market by US
export regs. The Boys in Brisbane, OTOH, are able to explore new ways to
exploit the flow of new cryptosystems and protocols from the fertile mind of
MIT Prof Ron Rivest and his team at RSA Labs: not only SSL's RC2 & RC4; but
RC5; AES candidate RC6; environments like S/MIME and SET; and others in the
RC pipeline.
Major deals with long-term market impact followed shortly after the
repackaged SSLeay was integrated into commercial RSA suite a year ago. In
Israel, Checkpoint, the market leader in firewalls, licensed BSAFE SSL-C --
and the right to use the RSA imprematur in its resale to corporate consumers
worldwide. In the US, Intel licensed of the whole RSA crypto suite
(including SSL-C) for its future crypto-in-the-chip offerings.
Outside the US, for the first time, RSA-branded SSL implementation
code was available to that portion of the international market which
requires full-dress commercial support from an established vendor which can
accept significant liability and make major financial commitments -- the
market companies like Baltimore Tech earlier had to themselves.
And then there are all these savvy, talented, and experienced SSLeay
(OpenSSL) veterans everywhere, who are already intimately familiar with
BSAFE SSL-C's API.... ;-)
Suerte,
_Vin
--------
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which
by its nature will resist efforts to restrict it to bureaucrats and others
who deem only themselves worthy of such Privilege."
_A Thinking Man's Creed for Crypto _vbm
* Vin McLellan + The Privacy Guild + <[EMAIL PROTECTED]> *
Thus, some portion of the heritage of SSLeay has been woven back into the
commercial crypto market inside and outside the US.
>
>
>
>
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
