From: Alex Strasheim <cp@proust.suba.com>
Date: Sun, 21 Apr 1996 07:17:30 +0800
To: cypherpunks@toad.com
Subject: Re: Add-in encryption module to Netscape
In-Reply-To: <199604201650.MAA14845@jekyll.piermont.com>
Message-ID: <199604202042.PAA04800@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


> You made a mistake in buying Netscape commerce in the first place, but
> don't despair! You can still get Apache, an excellent web server, and
> an unencumbered SSL module that you can use without restriction
> outside the U.S. (if you want to run it inside the U.S. you need to
> pay a fee because of the patents on RSA).

The browsers present a bit of a problem as well -- the free Netscapes that
people download uses small keys, so it won't matter if you use an Apache
or Netscape server if people browse your site with Netscape navigators.  I
think there are full strength Mosaic's available, but I've never used
them. 

Also, you should check to see if you can get a verisign certificate for 
the international version of apache-ssl -- if you can't, that might cause 
you problems as well.

The best answer for these sorts of problems (at least for those of you not
constrained by ITAR) might be java form processing applets that use their
own crypto routines to submit the data.