From: BRIAN MCBEE <opac!brian%OPAC.osl.or.gov@CS.ORST.EDU>
Date: Fri, 15 Jan 93 12:57:34 PST
To: CYPHERPUNKS@TOAD.COM
Subject: use of ripem instead of pgp
Message-ID: <00966A50.87B655C0.23058@OPAC.OSL.OR.GOV>
MIME-Version: 1.0
Content-Type: text/plain


> RIPEM is Mark Riordan's public-key program.  It is similar to PEM, but does
> not use the PEM certificates and therefore does not require people to have
> their keys signed by an agency.  It is not really PEM compatible. It does
> use the RSAREF public-domain encryption package, so it is legal for non-
> commercial use in the U.S. and Canada.
> 
> What I suggested was the use of RIPEM since it is available now, is legal,
> and is free.
> 
> Note, though, that whether RIPEM or PGP is used, they are only for non-
> commercial use.  A remailer that wanted to charge, such as the ones that
> Eric Messick is discussing, would probably have to license the technology
> from PKP directly to be legal.  (I'm not sure whether PEM also is limited
> to non-commercial use.)
> 
> Hal Finney
> 74076.1041@compuserve.com
 
Since the only reason we are talking about RIPEM is because of legality 
concerns about PGP, I thought I'd mention that it is (at least theoretically) 
illegal to export RIPEM from the US, annd therefore could not be legally used 
to correspond with persons overseas.

I don't know if there is a legal way to do public key cryptography between 
persons inside the US and persons outside the US.
 
----- Brian McBee ----- (503)378-4276 ----- brian@opac.osl.or.gov -----
----- Oregon State Library, State Library Building, Salem, OR 97310 -----
                   Plan globally, attack locally