| WIKI | FAQ | Tech FAQ | |
 http://csua.com/feed/ | |
| ||||||
| 4/6 |
| 1998/3/28-30 [Computer/SW/WWW/Browsers] UID:13867 Activity:high |
3/26 http://Mozilla.org party 4/1 at the Sound Factory. Free Source, Free Party. Everyone invited. http://www.mozilla.org/party \_ It sounds good. I just read the distressing news today, though, that Mozilla Navigator will not contain crypto, will not contain hooks for crypto, may not accept modifications which make it compatible with crypto, etc. All this over export issues, because they say that Netscape would be a highly visible target for politicians if they permitted the inclusion of crypto. Doesn't this constitute a strong argument against Mozilla Navigator in general? Even lynx has SSL! http://www.mozilla.org/crypto-faq.html \_ Add it yourself. Duh. \_ WTF would I use it for if I had to add it myself? Maybe I just want to *use* a browser instead of *program* one? DUH! \_ then download the normal version from netscape, you idiot. -tom \_ no shit tom you low grade moron. you once again "dont get it". no surprise. \_ I don't get it either - why would someone who doesn't want to hack on the browser care what is in the redistributable source code? Besides, netscape's not stopping anyone else from adding crypto and going up against the US Crypto Gestapo. \_ Because that means if anyone else hacks it up with something I like but doesn't add their own crypto, then I have a choice of NS crypto sans CoolThing or CoolThing sans crypto. Get it NOW? \_ If you want to be cool, that is your problem. \_ No, it's NS's. I'm a consumer. They have to make people like me happy or cash it in. Got it *NOW*? \_ so how much have you spent on Netscape products? \_ Roughly $2k in the last few years. \_ Why don't you just leech them like everyone else? \_ I work at a real company that doesn't fall under the previous NS .EDU leech policy. Out here in the RW, we _pay_ for things. \- You can bet that unless the source distribution license explicitly forbids putting the crypto back in, that crypto will be one of the first CoolThings that third parties try to hack back into it. \_ Ok, good point. I haven't read the license so I can't comment. I will say though that I would rather have NS crypto than unknown, although _possibly_ better, crypto. \_ If you're going to make a fool out of yourself in public, sign your name. \_ What's up with the moronic anonymous hypocrites insisting that others sign their names when they won't sign their own? Why bother loading up an editor on the motd when you have *nothing* to say which is in _any_ way pertinent to the thread? Why are you still here wasting perfectly good oxygen when you could be dead, returning to the earth some small bit of the resources you've stolen and put to no good use? *PLEASE* do yourself and everyone else a favor: the next time you have nothing to say beyond the typical trollish "sign your name!" stupidity, just don't. Instead take a moment to reflect and then kill yourself quietly and efficiently. Thank you for your contributions to this thread. I expect to read in the Cal about how "GEEK KILLS SELF! SAVES SELF FROM FURTHER ABUSE!" sometime in the next few weeks. [Keep deleting this if you like. I have it in a file, you hypocritical moron.] \_ http://www.mozilla.org/crypto-faq.html#1-10 -- I guess they will allow it but it will be a little inconvenient. That's actually what it's like for lynx-ssl now. \_Any car pools? |
| 4/6 |
|
| www.mozilla.org/party -> www.mozilla.org/party/ References 1. |
| www.mozilla.org/crypto-faq.html Note that this document is for your information only and is not intended as legal advice. If you wish to develop and distribute cryptographic software, particularly for commercial sale or distribution, then you should consult an attorney with expertise in the particular laws and regulations that apply in your jurisdiction. I've updated this version of the Mozilla Crypto FAQ to discuss the situation now that the RSA public key algorithm is in the public domain and a full open source crypto implementation is being added to the Mozilla code base. Will we be able to use GNU Privacy Guard or other PGP versions with Mozilla? Have all the issues with Mozilla and crypto now been resolved? Now that the RSA patent is in the public domain, Mozilla crypto development can proceed with minimal restrictions. In the near future the Mozilla code base will include a complete open source cryptographic library, and Mozilla will include SSL support as a standard feature. On September 6, 2000, RSA Security released the RSA patent into the public domain, two weeks before the patent was scheduled to expire (on September 20, 2000). Shortly thereafter the NSS developers began work on an open source implementation of the RSA algorithm; This new RSA-capable version of NSS will then be included in a future version of the open source PSM software, which will provide SSL support for Mozilla. For more information on the RSA patent see the 39 RSA Security press release announcing release of the patent into the public domain, and the 40 RSA patent itself. Department of Commerce 41 press release announcing the new regulations, the 42 actual revisions to the regulations, and the 43 updated regulations themselves. For more information on the SSL, S/MIME, PKI, and other crypto source code being developed as part of the Mozilla project, see the 45 PKI project page and of course the 46 source code itself. What functionality is implemented by the Mozilla crypto code released so far? The Mozilla crypto code will shortly include a full implementation of the RSA and other cryptographic algorithms; Note that due to various implementation issues, PSM support for Mozilla on the Macintosh is lagging somewhat behind PSM support on Windows, Linux, and other platforms. Also note that the NSS developers are creating code for support of S/MIME secure messages; For more information on the Netscape PSM binaries see the 54 Netscape Personal Security Manager for Mozilla page. What is the open source license used for the Mozilla crypto code? The released source code is dual-licensed under the MPL and the GPL. You may choose to use the code either under the terms of the MPL or under the terms of the GPL. This form of licensing was chosen to allow the released Personal Security Manager and Network Security Services source code to be used in as many contexts as possible; If you create and distribute modifications to the original PSM and NSS code, we ask that you in turn make such modifications available under both the MPL and GPL. Yes, as long as patent or other legal issues do not prevent such code from being used by the general community of Mozilla developers. New contributions of crypto code should also be reviewed and approved by the appropriate Mozilla module owners, just as with any other Mozilla contributions. For more information about patents related to cryptographic algorithms and implementation techniques, see the questions relating to 59 patents on cryptography in RSA Laboratories' 60 cryptography FAQ. See the Mozilla 61 open source PKI projects pages for the names and email addresses of the Mozilla module owners for crypto-related code. What about Mozilla support for PGP and other protocols besides SSL and S/MIME? Will we be able to use GNU Privacy Guard or other PGP versions with Mozilla? Support for PGP and other security-related protocols and formats can potentially be added to Mozilla in the same manner as SSL and S/MIME; We know of at least two efforts which may produce PGP support for Mozilla. As noted above, the PSM code implements SSL and (in the future) S/MIME support for Mozilla by taking advantage of generic high-level Mozilla public APIs used to add new protocols and message formats. These same APIs can be used to add support to Mozilla for other security schemes, including potentially PGP. If anyone is interested on working such support within the Mozilla project then they are welcome to do so. Also note that Mozilla support for PGP and other security schemes may also be made available by commercial security vendors or by independent developers, using the various public APIs already present in Mozilla. Based on statements made in various Internet forums it appears that the developers of GNU Privacy Guard may create a plugin module to support invocation of GnuPG functionality from Mozilla; Network Associates may also create a commercial PGP plugin for Mozilla. You should contact those vendors or developers directly for more information concerning their plans. See the Open Directory references for 62 general PGP information, including contact information for companies and independent developers producing PGP implementations. Is information available describing the format of the PSM key and certificate database, so that other software can reuse existing user keys and certificates managed by PSM? The initial release of SSL, S/MIME, and general PKI source code from iPlanet E-Commerce Solutions includes some documentation on the format of the key and certificate database. Also, changing the database directly from an application risks causing database corruption and subsequent problems in PSM and applications like Mozilla using PSM. For these reasons we strongly recommend that Mozilla developers and others access the key and certificate database only through public APIs provided by the NSS library. As long as you are simply mirroring the Mozilla site as is, you do not need to provide any notification to the Bureau of Export Administration or NSA. As a mirror of the Mozilla FTP site you will automatically be distributing open source encryption code as well. Your particular obligations depend on your exact circumstances, and we cannot provide legal advice to you. For the statement by the Bureau of Export Administration on notification requirements for mirror sites, see the section "Notification Requirements" in the 69 Bernstein advisory opinion contained in the letter dated February 17, 2000, from James Lewis of BXA to Cindy Cohn, counsel for Daniel Bernstein. The ITAR still exist, but are no longer used in the context of export control of encryption software; Department of Commerce by Presidential Executive Order 13026 on November 15, 1996, for regulation under the Export Administration Regulations (EAR), along with all other export-controlled commercial products. Munitions List to the Commerce Control List (CCL) of the EAR. For more information see the document 72 "Principal Statutory Authority for the Export Administration Regulations", which contains a copy of Executive Order 13026. Yes in a specific case, but the decision may yet be overruled. The government also claimed that publication of cryptographic software in electronic form made such functional use easier than publication in printed form, and that that was sufficient to justify treating the two forms differently in the regulations. See also the 80 request for an advisory opinion made to the Bureau of Export Administration by Bernstein's lawyers and the resulting 81 advisory opinion issued by BXA in response to that request. Provides historical context and technical background for the recent political battles around encryption and privacy issues. A set of ten essays on various aspects of privacy and technological developments affecting it. An earlier (circa 1995) collection of essays and public documents, with a concentration on the Clipper chip controversy and the Digital Telephony Act. The latest in a series of annual surveys of government policies relating to encryption, covering over a hundred countries. See the 94 EPIC bookstore for more recommendations of books discussing privacy in general and public policie... |
| www.mozilla.org/crypto-faq.html#1-10 Note that this document is for your information only and is not intended as legal advice. If you wish to develop and distribute cryptographic software, particularly for commercial sale or distribution, then you should consult an attorney with expertise in the particular laws and regulations that apply in your jurisdiction. I've updated this version of the Mozilla Crypto FAQ to discuss the situation now that the RSA public key algorithm is in the public domain and a full open source crypto implementation is being added to the Mozilla code base. Will we be able to use GNU Privacy Guard or other PGP versions with Mozilla? Have all the issues with Mozilla and crypto now been resolved? Now that the RSA patent is in the public domain, Mozilla crypto development can proceed with minimal restrictions. In the near future the Mozilla code base will include a complete open source cryptographic library, and Mozilla will include SSL support as a standard feature. On September 6, 2000, RSA Security released the RSA patent into the public domain, two weeks before the patent was scheduled to expire (on September 20, 2000). Shortly thereafter the NSS developers began work on an open source implementation of the RSA algorithm; This new RSA-capable version of NSS will then be included in a future version of the open source PSM software, which will provide SSL support for Mozilla. For more information on the RSA patent see the 39 RSA Security press release announcing release of the patent into the public domain, and the 40 RSA patent itself. Department of Commerce 41 press release announcing the new regulations, the 42 actual revisions to the regulations, and the 43 updated regulations themselves. For more information on the SSL, S/MIME, PKI, and other crypto source code being developed as part of the Mozilla project, see the 45 PKI project page and of course the 46 source code itself. What functionality is implemented by the Mozilla crypto code released so far? The Mozilla crypto code will shortly include a full implementation of the RSA and other cryptographic algorithms; Note that due to various implementation issues, PSM support for Mozilla on the Macintosh is lagging somewhat behind PSM support on Windows, Linux, and other platforms. Also note that the NSS developers are creating code for support of S/MIME secure messages; For more information on the Netscape PSM binaries see the 54 Netscape Personal Security Manager for Mozilla page. What is the open source license used for the Mozilla crypto code? The released source code is dual-licensed under the MPL and the GPL. You may choose to use the code either under the terms of the MPL or under the terms of the GPL. This form of licensing was chosen to allow the released Personal Security Manager and Network Security Services source code to be used in as many contexts as possible; If you create and distribute modifications to the original PSM and NSS code, we ask that you in turn make such modifications available under both the MPL and GPL. Yes, as long as patent or other legal issues do not prevent such code from being used by the general community of Mozilla developers. New contributions of crypto code should also be reviewed and approved by the appropriate Mozilla module owners, just as with any other Mozilla contributions. For more information about patents related to cryptographic algorithms and implementation techniques, see the questions relating to 59 patents on cryptography in RSA Laboratories' 60 cryptography FAQ. See the Mozilla 61 open source PKI projects pages for the names and email addresses of the Mozilla module owners for crypto-related code. What about Mozilla support for PGP and other protocols besides SSL and S/MIME? Will we be able to use GNU Privacy Guard or other PGP versions with Mozilla? Support for PGP and other security-related protocols and formats can potentially be added to Mozilla in the same manner as SSL and S/MIME; We know of at least two efforts which may produce PGP support for Mozilla. As noted above, the PSM code implements SSL and (in the future) S/MIME support for Mozilla by taking advantage of generic high-level Mozilla public APIs used to add new protocols and message formats. These same APIs can be used to add support to Mozilla for other security schemes, including potentially PGP. If anyone is interested on working such support within the Mozilla project then they are welcome to do so. Also note that Mozilla support for PGP and other security schemes may also be made available by commercial security vendors or by independent developers, using the various public APIs already present in Mozilla. Based on statements made in various Internet forums it appears that the developers of GNU Privacy Guard may create a plugin module to support invocation of GnuPG functionality from Mozilla; Network Associates may also create a commercial PGP plugin for Mozilla. You should contact those vendors or developers directly for more information concerning their plans. See the Open Directory references for 62 general PGP information, including contact information for companies and independent developers producing PGP implementations. Is information available describing the format of the PSM key and certificate database, so that other software can reuse existing user keys and certificates managed by PSM? The initial release of SSL, S/MIME, and general PKI source code from iPlanet E-Commerce Solutions includes some documentation on the format of the key and certificate database. Also, changing the database directly from an application risks causing database corruption and subsequent problems in PSM and applications like Mozilla using PSM. For these reasons we strongly recommend that Mozilla developers and others access the key and certificate database only through public APIs provided by the NSS library. As long as you are simply mirroring the Mozilla site as is, you do not need to provide any notification to the Bureau of Export Administration or NSA. As a mirror of the Mozilla FTP site you will automatically be distributing open source encryption code as well. Your particular obligations depend on your exact circumstances, and we cannot provide legal advice to you. For the statement by the Bureau of Export Administration on notification requirements for mirror sites, see the section "Notification Requirements" in the 69 Bernstein advisory opinion contained in the letter dated February 17, 2000, from James Lewis of BXA to Cindy Cohn, counsel for Daniel Bernstein. The ITAR still exist, but are no longer used in the context of export control of encryption software; Department of Commerce by Presidential Executive Order 13026 on November 15, 1996, for regulation under the Export Administration Regulations (EAR), along with all other export-controlled commercial products. Munitions List to the Commerce Control List (CCL) of the EAR. For more information see the document 72 "Principal Statutory Authority for the Export Administration Regulations", which contains a copy of Executive Order 13026. Yes in a specific case, but the decision may yet be overruled. The government also claimed that publication of cryptographic software in electronic form made such functional use easier than publication in printed form, and that that was sufficient to justify treating the two forms differently in the regulations. See also the 80 request for an advisory opinion made to the Bureau of Export Administration by Bernstein's lawyers and the resulting 81 advisory opinion issued by BXA in response to that request. Provides historical context and technical background for the recent political battles around encryption and privacy issues. A set of ten essays on various aspects of privacy and technological developments affecting it. An earlier (circa 1995) collection of essays and public documents, with a concentration on the Clipper chip controversy and the Digital Telephony Act. The latest in a series of annual surveys of government policies relating to encryption, covering over a hundred countries. See the 94 EPIC bookstore for more recommendations of books discussing privacy in general and public policie... |
| Mozilla.org The Mozilla project maintains choice and innovation on the Internet by developing the acclaimed, open source, Mozilla 16 web and email suite and related products and technology. Thunderbird 06 is Now Available Some of the new features include a Windows installer, Pinstripe theme for Mac OS X, new artwork, improved junk mail controls, improved mail notification in the system dock for Mac OS X, server-wide news filters and a slew of other new features. |