1995-07-26 - NSA and the NCSA/Apache web servers

Header Data

From: “Amir Y. Rosenblatt” <axon@neuron.net>
To: cypherpunks@toad.com
Message Hash: 8145f143458a58ca7566c2635f3c8c650373e5f4d0ba7fcad2b011b524ae1676
Message ID: <Pine.SOL.3.91.950726103519.23445C-100000@pipe6>
Reply To: N/A
UTC Datetime: 1995-07-26 14:50:42 UTC
Raw Date: Wed, 26 Jul 95 07:50:42 PDT

Raw message

From: "Amir Y. Rosenblatt" <axon@neuron.net>
Date: Wed, 26 Jul 95 07:50:42 PDT
To: cypherpunks@toad.com
Subject: NSA and the NCSA/Apache web servers
Message-ID: <Pine.SOL.3.91.950726103519.23445C-100000@pipe6>
MIME-Version: 1.0
Content-Type: text/plain



I was flipping through the Apache http Server Project's web site 
<http://www.apache.org/>  when I came across the following note:

   Note: We were informed by NCSA that the NSA (The US National Security
   Agency - yes, the folks who in 1994 said "we're only 10 years 
   behind schedule")  considered the hooks to encryption in NCSA's httpd 
   to be in violation of the munitions export law, thereby making its 
   distribution to foreign sites illegal. For various reasons, we decided 
   to remove the -DPEM_AUTH code completely.

This was followed by a pointer to http://www.apache.org/nopgp.html from 
which the following text was taken:

   On May 17th, 1995, we were asked by a representative of NCSA to remove 
   any copies of NCSA httpd prior to 1.4.1 from our web site. They were 
   mandated by the NSA to inform us that redistribution of pre-1.4.1 code 
   violated the same laws that make distributing Phill Zimmerman's PGP 
   package to other countries illegal. There was no encryption in NCSA's
   httpd, only hooks to publicly available libraries of PEM code. By the 
   NSA's rules, even hooks to this type of application is illegal. 

Wow -- hooks to encryption are unexportable -- now THAT's bullshit.  Sheesh.

	-Amir

       /\     Set the controls for the heart of the sun.    -Pink Floyd    
______/  \    ___________ __ __  _  _  _  _   .   .   . axon@neuron.net
          \  / 
           \/    For PGP 2.6 key send mail with subject: SEND PGPKEY






Thread