I need some help with making a US-export happy OpenSSL.
So I had a phone call with the NSA here and asked them what I can
get away with. Note that the conversation was specific to Apple, and
not necessarily applicable to my fellow Americans, but I doubt that
we are super special.
56-bit DES is no problem.
56-bit restricted RSA is no problem.
3DES is not allowed.
In general, they seemed to imply 56 bits of anything is no
problem, but I'll have to double check that. Probably if there were
such a thing as 128-bit rot13 it would not be allowed. They seem
preoccupied with bits. I'm waiting on the actual approval to come
to my desk to be sure about this area; our lawyers have it.
RSA patents aren't a problem for us.
The plan is for OpenSSL to be a dynamic shared library.
Therefore, if you manage to get ahold of a stronger version and drop
it in, all binaries should be able to take advantage of the stronger
crypto. Yes, I brought this up in the phone call, and it's OK. It
must, however, be necessary to replace (or edit) the library binary
in order to enable stronger encryption.
But I need to make OpenSSL comply with the above bit limits and
whatnot. Is this:
a) Doable? Easy? How do I proceed?
b) Still going to give me a (moderately) useful SSL?
-Fred
--
Wilfredo Sanchez, [EMAIL PROTECTED]
Apple Computer, Inc., Core Operating Systems / BSD
Technical Lead, Darwin Project
1 Infinite Loop, 302-4K, Cupertino, CA 95014
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]