From: “Amir Y. Rosenblatt” <axon@neuron.net>
To: cypherpunks@toad.com
Message Hash: 8145f143458a58ca7566c2635f3c8c650373e5f4d0ba7fcad2b011b524ae1676
Message ID: <Pine.SOL.3.91.950726103519.23445C-100000@pipe6>
Reply To: N/A
UTC Datetime: 1995-07-26 14:50:42 UTC
Raw Date: Wed, 26 Jul 95 07:50:42 PDT
From: "Amir Y. Rosenblatt" <axon@neuron.net>
Date: Wed, 26 Jul 95 07:50:42 PDT
To: cypherpunks@toad.com
Subject: NSA and the NCSA/Apache web servers
Message-ID: <Pine.SOL.3.91.950726103519.23445C-100000@pipe6>
MIME-Version: 1.0
Content-Type: text/plain
I was flipping through the Apache http Server Project's web site
<http://www.apache.org/> when I came across the following note:
Note: We were informed by NCSA that the NSA (The US National Security
Agency - yes, the folks who in 1994 said "we're only 10 years
behind schedule") considered the hooks to encryption in NCSA's httpd
to be in violation of the munitions export law, thereby making its
distribution to foreign sites illegal. For various reasons, we decided
to remove the -DPEM_AUTH code completely.
This was followed by a pointer to http://www.apache.org/nopgp.html from
which the following text was taken:
On May 17th, 1995, we were asked by a representative of NCSA to remove
any copies of NCSA httpd prior to 1.4.1 from our web site. They were
mandated by the NSA to inform us that redistribution of pre-1.4.1 code
violated the same laws that make distributing Phill Zimmerman's PGP
package to other countries illegal. There was no encryption in NCSA's
httpd, only hooks to publicly available libraries of PEM code. By the
NSA's rules, even hooks to this type of application is illegal.
Wow -- hooks to encryption are unexportable -- now THAT's bullshit. Sheesh.
-Amir
/\ Set the controls for the heart of the sun. -Pink Floyd
______/ \ ___________ __ __ _ _ _ _ . . . axon@neuron.net
\ /
\/ For PGP 2.6 key send mail with subject: SEND PGPKEY
Return to July 1995
Return to “Ray Arachelian <sunder@escape.com>”