On 08/20/2012 03:10 PM, Josh Berkus wrote:
On 8/15/12 6:48 AM, Tom Lane wrote:
The argument against moving crypto code into core remains the same as it
was, ie export regulations. I don't see that that situation has changed
at all.
Actually, I believe that it has, based on my experience getting an
export certificate for Sun Postgres back in 2008.
The US Federal government lifted restrictions on shipping well-known
cryptographic algorithms to most countries several years ago, except to
specific countries with embargoes (Iran, Burma, etc.). However, *all*
exports of software to those embargoed countries are restricted,
cryptographic or not.
The USA does require an export certificate for any
cryptographic-supporting software which is shipped from the USA. For
that, however, MD5 and our support for SSL authentication already
requires a certificate, whether we include SHA or not. So, my personal
non-lawyer experience is that including SHA in core or not would make no
difference whatsoever to our export status.
The above is all secondhand legal knowledge, so if it really matters to
our decisions on what algorithms we include in Core, we should ask SFLC
for a real opinion. We certainly shouldn't make one based on assumptions.
I think it's more significant, though, that nobody has been able to
demonstrate that SHA hashing of passwords actually makes Postgres more
secure.
I don't think US export regulations are the only issue. Some other
countries (mostly the usual suspects) forbid the use of crypto software.
If we build more crypto functions into the core we make it harder to use
Postgres legally in those places.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers