Welcome!
Arthur Corliss
corliss at sinbad.net
Tue Mar 9 19:33:12 CST 1999
On Mon, 8 Mar 1999, Roxanne Reid-Bennett wrote:
> Well, that's the rich international patent registration field vs US NSA
> regs you're talking of. RSA isn't allowed to export the technology, so
> of course they can't have a patent on it outside the US <veg>
:-P We wouldn't have this problem if encryption wasn't a controled munition,
though.
> Frankly, I'm not sure. However... The SSLeay doc itself indicates that
> you can use IDEA (easily hacked) or triple DES (paranoid minded) instead
> of the RSA techniques. I've noted with the interface that I'm playing
> around with more often than not (what little I paid attention to it),
> the SSLeay interface to Netscape Commercer Server picked triple DES.
> [it's a "auto-magically selected encryption algo depending upon what
> each side speaks"]
>
> That's about how much I know. There is a list of options for encryption
> that goes along these lines (for SSLeay): (from the README)
>
> I am *not* a crypt knowledgable person, so most of this is Greek to me.
> I did read a short lesson on cryptography for net transactions that
> explained some of the issues around trusted servers (hence the need for
> certificates from known issuers), spoofing, trojan, and other ways that
> people can get in the middle of a conversation and wreak havoc.
>
> I'm trying to keep my interface to a minimum, namely using layered perl
> products on an already installed version of SSLeay (with an already
> purchased license) for a customer who has purchased the right to use
> that version of SSLeay through the web interface. I've told my customer
> that I'm not 100% certain he's legal, even with this...the only way I
> know for him to be sure would be to contact RSA directly.
:-) Definitely some good info there, I appreciate it. I'll have to delve
deeper into secure transactions eventually. . .
--Arthur Corliss
Bolverk's Lair -- http://www.odinicfoundation.org/arthur/
"Live Free or Die, the Only Way to Live" -- NH State Motto
More information about the Anchorage-pm
mailing list