Re: Crypto

On the subject of crypto law - the laws have relaxed significantly in 
the last decade to the point where it is now generally safe to export 
symmetric encryption up to 128 bits (example: AES), and assymetric 
encryption up to 1024 bits (example: RSA). Many countries still require 
some sort of license, though, which takes the form of a formal request 
"may I export this?" "yes". As a "for example", I received approval from 
our company lawyers to re-export the Java runtime with a program we have 
which uses exactly 128 bit symmetric and 1024 bit assymetric to all 
countries except embargoed countries. Since it makes no sense to do 
business in embargoed countries anyways, there is no point in asking at all.

For free / open source software in general, the US has explicit 
exemptions for freely available software on the Internet, for the most 
part because it is impossible for them to control it. In this situation, 
PostgreSQL has a lot more freedom than, say, Oracle, to distribute 
crypto. As a for example, Firefox includes crypto to support SSL and 
certificate checking. Now, many countries also have *import* 
restrictions, so while it's safe to freely export Firefox from the 
United States over the Internet, in some countries, it is *illegal* for 
their own citizens to encrypt their data beyond a certain level. If such 
rules are enforced (I think Australia even had such a rule for a time), 
then it would be the citizen doing the import that is affected. At 
present, I wonder about the status of such things in China. While in 
China, they didn't prevent me from using my high encryption strength VPN 
software to access work - was I breaking the law by "importing" the 
technology and using it? I don't know, and I didn't really think much 
about it at the time.

All this being said - laws change all the time, and the number of 
countries involved in the equation each which may or may not have rules 
that apply to PostgreSQL at various times, that I still agree with 
Andrew - to go from no-crypto to crypto is a huge change that MAY result 
in downstream consequences which would adversely effect the success of 
PostgreSQL, or may even end up with some PostgreSQL representative in 
the chain defending themselves in a court room.

I think it would be best to leave crypto *outside* of core, but make it 
an extremely easy to add plugin with "download at your own risk - if you 
are unsure whether you are allowed to import crypto into your country, 
you are responsible for seeking your own legal counsel."

Java did this with their main software being generally exportable, and 
their "unlimited strength" crypto libraries requiring a separate 
download with appropriate warnings to keep Sun happy that they would not 
be held legally responsible if somebody did misuse the software.

I work for a telecommunications company which requires crypto in most 
software components, so this stuff is taken very seriously. The last 
thing you want to see on television is a terrorist using an untraceable 
"secure" line with your company's brand name on the front, as they lop 
off the head of a reporter. There is a level of responsibility required 
for such things both from a business perspective and from a ethics 
perspective.

Cheers,
mark


On 09/19/2009 01:55 PM, Andrew Dunstan wrote:
>
> David Fetter wrote:
>>> As for the suggestion that we should put other crypto functions into
>>> the  core, AIUI the reason not to is not to avoid problems with US
>>> Export  Regulations (after all, we've shipped source tarballs with
>>> it for many years, including from US repositories), but to make it
>>> easier to use Postgres in places where use of crypto is illegal.
>>
>> To date, I have not found an example of such a place.  For the record,
>> would you or anyone seeing this be so kind as to provide one, along
>> with some kind of evidence that somewhere, such a law has actually
>> been enforced?
>
> There are significant controls in a number of countries. See 
> <http://rechten.uvt.nl/koops/cryptolaw/cls-sum.htm>.
>
> I am not going to do more research on this - I have better things to 
> do with my time. The point has been made elsewhere that including 
> general crypto in core is entirely unnecessary for any purpose we know 
> of. That along with knowledge that its use is at least restricted in 
> several countries should surely be argument enough.
>
> This comes up often enough that I'm almost wondering if it deserves an 
> FAQ entry.
>


-- 
Mark Mielke<mark@mielke.cc>