____________________________________________________________________ Liberty means responsibility. That is why most men dread it. Locke The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- -------------------------------------------------------------------- ---------- Forwarded message ---------- Date: Fri, 9 Mar 2001 17:51:32 -0800 From: Raph Levien <raph@acm.org> To: coderpunks@toad.com Subject: Export of PDF Decryption code Hi Coderpunks, I realize this is, strictly speaking, a political rather than technical issue, but at least it's directly related to getting encryption code out there, and I figure that knowledgeable people will be hanging out here. Basically, I want to know under what circumstances we can safely export PDF decryption code with versions of Ghostscript. We ship Ghostscript under three licenses: GPL (for older versions), Aladdin Free Public License (free redistribution but limitations on commercial products; thus not DFSG), and under proprietary licenses to our OEM customers. Here are some relevant facts: * The encryption in PDF is 40-bit RC4, with MD5 used to derive the RC4 key from the user-supplied password. * Geoffrey Keating in Australia makes a patch available for Ghostscript which adds the encryption capability. * The competing xpdf package (distributed under GPL only) includes support for PDF decryption. I'd guess that we are allowed to freely distribute 40-bit RC4 with both the GPL and AFPL versions as long as we cc: the BXA on all releases, but for the commercial licensing, we'd have to advise our customers that they need to go through the export licensing process (no matter how pro forma) before including the code in their products. Is this correct? Thanks in advance, Raph