[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Alert: this client does not contain support for HTTPS urls.
From: |
David Woolley |
Subject: |
Re: lynx-dev Alert: this client does not contain support for HTTPS urls. |
Date: |
Mon, 17 Aug 1998 08:26:00 +0100 (BST) |
>
> Maybe I'm totally confused, but how can Microsoft Explorer as well as
> NetScape support these crazy HTTPS URLS without fear of being sold
> outside the US? Also, how can non-US residents access these https
> sites? Maybe I'm confusing htis with something else. Maybe I'm just
> totally confused at this point.
The big 2 have:
1) a licence from the patent owners (presumably with some money paid,
although possibly in terms of increased royalties for server products) -
SSL Lynx could not be free for commercial use, but applying a commercial
use restriction would be a breach of the Lynx copyright;
2) an export licence from the US government for the versions that are
publically downloadable (which have maximum key lengths chosen to be
breakable at reasonable cost by the authorities - I think the key length
was increased recently as the cost of breaking was well below typical
credit card credit limits, even using commercial PCs).
They are not available in source code (NS5 does not include SSL), so
the end user cannot tweak them easily (or legally) to restore the full
key length. A binary only version of Lynx would be in breach of copyright.
The full strength versions are available to US citizens (initially not
over the net, although I'm not sure of the current situation), and, in
reality I'm sure are available via warez channels, so there is a lot of
hypocrisy, as the people you are trying to protect against are unlikely
to be worried about copyright violations!
Banking institutions have a special dispensation and are allowed access
to cryptography which is not allowed for general export, and I vaguely
recall that some recent big 2 clients will go into 128 bit mode for
certain web sites, even in the international versions.
There are some freeware programs which are distributed from sites which
attempt to enforce US only distribution, but it is arguable that that
would breach the Lynx copyright and it is certain that you would deny
Lynx to a significant proportion of the Lynx community.
The US government can trust a big commercial organisation to distribute
weakened software, because they could, in the limit, be driven out of
business if they broke the rules. It is much more difficult to police
non-commercial software.
- Re: lynx-dev EXTERNAL: https support? (was too long), (continued)
- Re: lynx-dev EXTERNAL: https support? (was too long), Philip Webb, 1998/08/11
- Re: lynx-dev EXTERNAL: https support? (was too long), Doug Kaufman, 1998/08/11
- Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Doug Kaufman, 1998/08/11
- Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Jacob Poon, 1998/08/11
- Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Doug Kaufman, 1998/08/11
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., David Woolley, 1998/08/12
Re: lynx-dev Alert: this client does not contain support for HTTPS urls.,
David Woolley <=
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Larry W. Virden, 1998/08/18
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., T.E.Dickey, 1998/08/12
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., T.E.Dickey, 1998/08/12
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Laura Eaves, 1998/08/12
Re: lynx-dev Alert: this client does not contain support for HTTPS urls., Bela Lubkin, 1998/08/13