On 08/20/2012 03:10 PM, Josh Berkus wrote:
> On 8/15/12 6:48 AM, Tom Lane wrote:
>> The argument against moving crypto code into core remains the same as it
>> was, ie export regulations. I don't see that that situation has changed
>> at all.
> Actually, I believe that it has, based on my experience getting an
> export certificate for Sun Postgres back in 2008.
>
> The US Federal government lifted restrictions on shipping well-known
> cryptographic algorithms to most countries several years ago, except to
> specific countries with embargoes (Iran, Burma, etc.). However, *all*
> exports of software to those embargoed countries are restricted,
> cryptographic or not.
>
> The USA does require an export certificate for any
> cryptographic-supporting software which is shipped from the USA. For
> that, however, MD5 and our support for SSL authentication already
> requires a certificate, whether we include SHA or not. So, my personal
> non-lawyer experience is that including SHA in core or not would make no
> difference whatsoever to our export status.
>
> The above is all secondhand legal knowledge, so if it really matters to
> our decisions on what algorithms we include in Core, we should ask SFLC
> for a real opinion. We certainly shouldn't make one based on assumptions.
>
> I think it's more significant, though, that nobody has been able to
> demonstrate that SHA hashing of passwords actually makes Postgres more
> secure.
>
I don't think US export regulations are the only issue. Some other
countries (mostly the usual suspects) forbid the use of crypto software.
If we build more crypto functions into the core we make it harder to use
Postgres legally in those places.
cheers
andrew