[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
NSA and the NCSA/Apache web servers
I was flipping through the Apache http Server Project's web site
<http://www.apache.org/> when I came across the following note:
Note: We were informed by NCSA that the NSA (The US National Security
Agency - yes, the folks who in 1994 said "we're only 10 years
behind schedule") considered the hooks to encryption in NCSA's httpd
to be in violation of the munitions export law, thereby making its
distribution to foreign sites illegal. For various reasons, we decided
to remove the -DPEM_AUTH code completely.
This was followed by a pointer to http://www.apache.org/nopgp.html from
which the following text was taken:
On May 17th, 1995, we were asked by a representative of NCSA to remove
any copies of NCSA httpd prior to 1.4.1 from our web site. They were
mandated by the NSA to inform us that redistribution of pre-1.4.1 code
violated the same laws that make distributing Phill Zimmerman's PGP
package to other countries illegal. There was no encryption in NCSA's
httpd, only hooks to publicly available libraries of PEM code. By the
NSA's rules, even hooks to this type of application is illegal.
Wow -- hooks to encryption are unexportable -- now THAT's bullshit. Sheesh.
-Amir
/\ Set the controls for the heart of the sun. -Pink Floyd
______/ \ ___________ __ __ _ _ _ _ . . . [email protected]
\ /
\/ For PGP 2.6 key send mail with subject: SEND PGPKEY