Interfacing with online bank

Derek Atkins warlord@MIT.EDU
24 Jul 2000 13:11:22 -0400

John Klar <> writes:

> I'm under the, possible mistaken, assumption that most https servers, at
> least those most likely to be used by a financial institution, use
> SSLv2.  SSLv2 is dependent on RSA which has licensing issues in the USA.

Only until September 20 of this year, at which point there are no
longer any patent issues with using RSA.  If we roll our own
implementation (or use OpenSSL) then there isn't any
copyright/licensing issue, either.

> The general US crypto laws also apply/applied to plugin or stub
> architectures that allow dropin crypto modules.  I am aware that US
> Crypto restrictions are easing and that financial/banking software has
> some further dispensation.

Actually, recent changes to the crypto export regs make exporting
open software fairly trivial.  This implies that adding crypto
support into GnuCash should be relatively straightforward as far
as the crypto regs are concerned.


       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available