From owner-freebsd-security  Tue Nov  2 10: 7:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4503C14F1D; Tue,  2 Nov 1999 10:06:48 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1952 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m11iiEF-000CC3C@bsdie.rwsystems.net>
	for <ports@FreeBSD.ORG>; Tue, 2 Nov 1999 12:00:19 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Tue, 2 Nov 1999 12:00:18 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Dug Song <dugsong@monkey.org>
Cc: Niels Provos <provos@citi.umich.edu>, security@FreeBSD.ORG,
	ports@FreeBSD.ORG, markus@openbsd.org
Subject: Re: OpenSSH patches 
In-Reply-To: <Pine.BSO.4.10.9911021016190.1191-100000@funky.monkey.org>
Message-ID: <Pine.BSF.4.10.9911021151531.78894-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 2 Nov 1999, Dug Song wrote:
> On Tue, 2 Nov 1999, Niels Provos wrote:
> > One of them, already convincing enough by itself, is the free
> > commercial use.
> 
> not within the US, though. :-(
> 
> OpenBSD's OpenSSL relies on the system libcrypto, which uses a different
> RSA implementation depending on which ssl26 package you've installed.
> 
> for US users, this is RSAREF (RSA's reference implementation), which is
> only available for NON-commercial use. in order to use RSAREF (or indeed,
> any implementation of RSA) commercially, you must buy an RSA license.
> there is no way around this.
	[ ... ]
> all software that uses RSA is subject to this bogosity, including PGP:
	[ ... ]
> 	http://bs.mit.edu:8001/pgp-form.html
> 	http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF

I was under the impression that the RSA code was best for ApacheSSL
support and anything else (like ssh) could use several others (DES,
BlowFish, etc...).

I can also more easily get an RSA license because I have to cover it for a
year or so anyway - until the patent expires. Most businesses are used to
paying for the web server certs and licences, but some will balk at
something new. "*What* is this for again? I've never heard of it." - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message