From owner-freebsd-security Wed Nov 13 12:44:43 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA14660 for security-outgoing; Wed, 13 Nov 1996 12:44:43 -0800 (PST) Received: from skynet.ctr.columbia.edu (skynet.ctr.columbia.edu [128.59.64.70]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA14653 for ; Wed, 13 Nov 1996 12:44:38 -0800 (PST) Received: (from wpaul@localhost) by skynet.ctr.columbia.edu (8.6.12/8.6.9) id PAA25158; Wed, 13 Nov 1996 15:44:10 -0500 From: Bill Paul Message-Id: <199611132044.PAA25158@skynet.ctr.columbia.edu> Subject: Re: Secure RPC revisited To: Guido.vanRooij@nl.cis.philips.com Date: Wed, 13 Nov 1996 15:44:09 -0500 (EST) Cc: freebsd-security@freebsd.org In-Reply-To: <199611130805.JAA02443@spooky.lss.cp.philips.com> from "Guido van Rooij" at Nov 13, 96 09:05:52 am X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Of all the gin joints in all the towns in all the world, Guido van Rooij had to walk into mine and say: > > > > The Diffie-Hellman issue is another matter. My understanding (which may > > in fact be totally wrong) is that it's not possible to use code which > > implements Diffie-Hellman without paying a licensing fee to RSA (or whoever > > it is this week). But the patent in question is supposed to expire in 1997, > > thus we bide our time, all the while plotting to overthrow the earth and > > cackling maniacally to ourselves. (Alright, maybe it's just me.) > > > > I thought SSH also used diffie hellman. It seems they don't have a problem. I'm not sure it's the same, although I wouldn't mind being proven wrong. > Exactly *where* is the patent living? If it is only in the states, we > might just install it on the internat repository? The problem with Secure RPC is that it needs to be integrated with the existing RPC library (I'm not even considering the kernel -- somebody else can agonize over that), and the RPC library lives in libc. If we have a seperate kit for adding Secure RPC, like we currently have for DES, we need to provide a new libc which the user has to swap for his existing one. Replacing libc is a sticky business and I submit that it's best to avoid forcing the user to do this. I confess that I don't know enough about patent law to say how much of this nonsense applies outside the U.S. -Bill -- ============================================================================= -Bill Paul (212) 854-6020 | System Manager, Master of Unix-Fu Work: wpaul@ctr.columbia.edu | Center for Telecommunications Research Home: wpaul@skynet.ctr.columbia.edu | Columbia University, New York City ============================================================================= "If you're ever in trouble, go to the CTR. Ask for Bill. He will help you." =============================================================================