[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NSA and the NCSA/Apache web servers




I was flipping through the Apache http Server Project's web site 
<http://www.apache.org/>  when I came across the following note:

   Note: We were informed by NCSA that the NSA (The US National Security
   Agency - yes, the folks who in 1994 said "we're only 10 years 
   behind schedule")  considered the hooks to encryption in NCSA's httpd 
   to be in violation of the munitions export law, thereby making its 
   distribution to foreign sites illegal. For various reasons, we decided 
   to remove the -DPEM_AUTH code completely.

This was followed by a pointer to http://www.apache.org/nopgp.html from 
which the following text was taken:

   On May 17th, 1995, we were asked by a representative of NCSA to remove 
   any copies of NCSA httpd prior to 1.4.1 from our web site. They were 
   mandated by the NSA to inform us that redistribution of pre-1.4.1 code 
   violated the same laws that make distributing Phill Zimmerman's PGP 
   package to other countries illegal. There was no encryption in NCSA's
   httpd, only hooks to publicly available libraries of PEM code. By the 
   NSA's rules, even hooks to this type of application is illegal. 

Wow -- hooks to encryption are unexportable -- now THAT's bullshit.  Sheesh.

	-Amir

       /\     Set the controls for the heart of the sun.    -Pink Floyd    
______/  \    ___________ __ __  _  _  _  _   .   .   . [email protected]
          \  / 
           \/    For PGP 2.6 key send mail with subject: SEND PGPKEY