SSL question for non-US members...

GHoosdum Icrontian
edited January 2004 in Science & Tech
I'm looking into the international and legalistic ramifications of e-commerce right now. I know that the US has a law banning the export of sufficiently strong encryption technologies - I was wondering if 128-bit SSL fell into this category.

For the non-US members: How is SSL handled in your version of MSIE? If you were to make a credit-card purchase from a US website, what are the steps in the transaction and how does it differ from making the same transaction from inside the US?

THANKS! :usflag:

Comments

  • Kwitko Sheriff of Banning (Retired) By the thing near the stuff Icrontian
    edited January 2004
    I believe that 128-bit encryption is okay for countries not on the US trade embargo list. It might depend upon what certificate the particular vendor has chosen, meaning if they didn't get a "global cert" they can only sell to US & Canada. You should check Verisign's site. They're not the only one who issues SSL certs, but they're certainly the largest and I remember reading somewhere about global encryption IDs.
  • Dexter Vancouver, BC Canada
    edited January 2004
    And really, how hard is it to obtain a "US" (or other trusted countries') version of a browser through 3rd party download sites, or P2P file sharing programs? That's as asinine as RIAA fighting music sharing, IMO.

    Dexter...
  • ginipig OH, NOES
    edited January 2004
    Not entirely asinine..

    My friend in Sydney set the precedent as the first person to get arrested/tried/sentenced.
  • Straight_Man Geeky, in my own way Naples, FL Icrontian
    edited January 2004
    Well, SSL2 is emulated and mimicked in the sense of how secure it is by SSH2. Linux users and Linux servers can use that. Verisign certificates can be passed within SSH2 connects also.

    The thing about issuers is that they track who they give certs to, so in fact those certs can be checked and are thus confirmable. BUT, Linux users can gen SHA2 signatures that are as secure and unique as Verisign certs and some Linux admins track those also.

    What is copyrightable is a specific algorithm that creates certain code from certain source, and part of how reliable the code is considered to be is two-fold. First, how hard is it to break the code. Second, how hard is it to FAKE the code without the source. How easy it is to use is a third thing, and verifying or cross-checking is important as noted above also.

    BUT, SHA2 is free, LEGALLY so. Look for SHA2 key supporting registrars.

    John.