Date: Tue, 2 Nov 1999 12:00:18 -0600 (CST) From: James Wyatt <jwyatt@rwsystems.net> To: Dug Song <dugsong@monkey.org> Cc: Niels Provos <provos@citi.umich.edu>, security@FreeBSD.ORG, ports@FreeBSD.ORG, markus@openbsd.org Subject: Re: OpenSSH patches Message-ID: <Pine.BSF.4.10.9911021151531.78894-100000@bsdie.rwsystems.net> In-Reply-To: <Pine.BSO.4.10.9911021016190.1191-100000@funky.monkey.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Nov 1999, Dug Song wrote: > On Tue, 2 Nov 1999, Niels Provos wrote: > > One of them, already convincing enough by itself, is the free > > commercial use. > > not within the US, though. :-( > > OpenBSD's OpenSSL relies on the system libcrypto, which uses a different > RSA implementation depending on which ssl26 package you've installed. > > for US users, this is RSAREF (RSA's reference implementation), which is > only available for NON-commercial use. in order to use RSAREF (or indeed, > any implementation of RSA) commercially, you must buy an RSA license. > there is no way around this. [ ... ] > all software that uses RSA is subject to this bogosity, including PGP: [ ... ] > http://bs.mit.edu:8001/pgp-form.html > http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF I was under the impression that the RSA code was best for ApacheSSL support and anything else (like ssh) could use several others (DES, BlowFish, etc...). I can also more easily get an RSA license because I have to cover it for a year or so anyway - until the patent expires. Most businesses are used to paying for the web server certs and licences, but some will balk at something new. "*What* is this for again? I've never heard of it." - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911021151531.78894-100000>