On 22 July 2016 at 01:31, Tom Lane <t...@sss.pgh.pa.us> wrote: > David Steele <da...@pgmasters.net> writes: > > On 7/21/16 12:19 PM, Robert Haas wrote: > >> On Wed, Jul 20, 2016 at 7:42 PM, Michael Paquier > >> <michael.paqu...@gmail.com> wrote: > >>>> People have, in the past, expressed concerns about linking in > >>>> pgcrypto. Apparently, in some countries, it's a legal problem. > > >>> Do you have any references? I don't see that as a problem. > > >> I don't have a link to previous discussion handy, but I definitely > >> recall that it's been discussed. I don't think that would mean that > >> libpgcrypto couldn't depend on libpgcommon, but the reverse direction > >> would make libpgcrypto essentially mandatory which I don't think is a > >> direction we want to go for both technical and legal reasons. > > > I searched a few different ways and finally came up with this post from > Tom: > > https://www.postgresql.org/message-id/11392.1389991...@sss.pgh.pa.us > > It's the only thing I could find, but thought it might jog something > > loose for somebody else. > > Way back when, like fifteen years ago, there absolutely were US export > control restrictions on software containing crypto. I believe the US has > figured out that that was silly, but I'm not sure everyplace else has. >
Australia has recently enacted laws that are reminiscent of the US's defunct crypto export control laws, but they add penalties for *teaching* encryption too. Yup, you can be charged for talking about it. Of course they'll only actually USE those new powers to Stop The Terrorist Threat, they promise... http://www.defence.gov.au/deco/DTC.asp Unless recently amended, they even failed to exclude academic institutions. I haven't been following it closely because, frankly, it's too ridiculous to pay much attention to, and I don't work directly with crypto anyway. But it's far from the only such colossally ignorant and idiotic law floating around. Despite the technical frustrations involved, we should keep crypto implementations in a separate library. I agree with Tom that one-way hashes are not a practical concern, even if the laws are probably written too poorly to draw a distinction. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services
