Re: SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
BTW, this doesn't come with source code.
No, it does not come with source code. Site licenses and OEM bundling packages will come with a source code option. Partners who work with us in internationalizing the product may also receive source code. However, it did not seem to be useful or appropriate for a consumer-level product like this. We are trying to find a happy medium between making sure that the security is well-reviewed, and doing things that make business sense and map onto standard industry practice for selling software products. Note that SafePassage uses SSLeay for its encryption and SSL protocol layer; SSLeay has publicly available source code, and has been extensively reviewed. Douglas Barnes C2Net
Doug Barnes <cman@c2.net> writes:
SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
BTW, this doesn't come with source code.
No, it does not come with source code. Site licenses and OEM bundling packages will come with a source code option. Partners who work with us in internationalizing the product may also receive source code. However, it did not seem to be useful or appropriate for a consumer-level product like this.
I'm curious as to how C2 is going about this `internationalization' process? Do you do your software development outside the US? Do you do a joint development inside and outside with clean room code? Do you export software with hooks, and employ lawyers to defend against the possibility of getting knobbled for ITAR violation on this basis? Regardless, congratulations on another good product, deliverable worldwide. A very cypherpunkly goal, strong crypto deployment. Adam -- print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`
I'm curious as to how C2 is going about this `internationalization'
'internationalization' refers not to ITAR, but to things such as language in dialog boxes, using periods instead of commas, in numbers, etc. All our development is done outside the US. We don't export software with hooks, that's illegal. -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net http://www.c2.net/ sameer@c2.net
Douglas Barnes wrote:
SAFEPASSAGE BRINGS STRONG CRYPTO TO WEB BROWSERS WORLDWIDE
BTW, this doesn't come with source code.
No, it does not come with source code. Site licenses and OEM bundling packages will come with a source code option. Partners who work with us in internationalizing the product may also receive source code. However, it did not seem to be useful or appropriate for a consumer-level product like this.
We are trying to find a happy medium between making sure that the security is well-reviewed, and doing things that make business sense and map onto standard industry practice for selling software products.
Really? Who reviewed the security of SafePassage?
Note that SafePassage uses SSLeay for its encryption and SSL protocol layer; SSLeay has publicly available source code, and has been extensively reviewed.
I've never seen a security review of SSLeay, and if anyone gave it a clean bill of health, they didn't have their eye on the ball. Note, I'm not knocking SSLeay here, it is a wonderful lump of code, but it hasn't been written with security in mind (IMHO). Cheers, Ben. -- Ben Laurie Phone: +44 (181) 994 6435 Email: ben@algroup.co.uk Freelance Consultant and Fax: +44 (181) 994 6472 Technical Director URL: http://www.algroup.co.uk/Apache-SSL A.L. Digital Ltd, Apache Group member (http://www.apache.org) London, England. Apache-SSL author
participants (4)
-
Adam Back -
Ben Laurie -
Douglas Barnes -
sameer