Welcome!

[Arthur Corliss]

On Mon, 8 Mar 1999, Roxanne Reid-Bennett wrote:

> Well, that's the rich international patent registration field vs US NSA
> regs you're talking of.  RSA isn't allowed to export the technology, so
> of course they can't have a patent on it outside the US <veg>

:-P  We wouldn't have this problem if encryption wasn't a controled munition,
though.

> Frankly, I'm not sure.  However... The SSLeay doc itself indicates that
> you can use IDEA (easily hacked) or triple DES (paranoid minded) instead
> of the RSA techniques. I've noted with the interface that I'm playing
> around with more often than not (what little I paid attention to it),
> the SSLeay interface to Netscape Commercer Server picked triple DES.
> [it's a "auto-magically selected encryption algo depending upon what
> each side speaks"]
> 
> That's about how much I know.  There is a list of options for encryption
> that goes along these lines (for SSLeay): (from the README)
> 
> I am *not* a crypt knowledgable person, so most of this is Greek to me.
> I did read a short lesson on cryptography for net transactions that
> explained some of the issues around trusted servers (hence the need for
> certificates from known issuers), spoofing, trojan, and other ways that
> people can get in the middle of a conversation and wreak havoc.  
> 
> I'm trying to keep my interface to a minimum, namely using layered perl
> products on an already installed version of SSLeay (with an already
> purchased license) for a customer who has purchased the right to use
> that version of SSLeay through the web interface. I've told my customer
> that I'm not 100% certain he's legal, even with this...the only way I
> know for him to be sure would be to contact RSA directly.

:-)  Definitely some good info there, I appreciate it.  I'll have to delve
deeper into secure transactions eventually. . .

	--Arthur Corliss
	  Bolverk's Lair -- http://www.odinicfoundation.org/arthur/
	  "Live Free or Die, the Only Way to Live" -- NH State Motto