From owner-freebsd-hackers  Fri Sep  8  0: 9:15 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
	by hub.freebsd.org (Postfix) with ESMTP id 013A437B423
	for <hackers@FreeBSD.ORG>; Fri,  8 Sep 2000 00:09:13 -0700 (PDT)
Received: (qmail 56413 invoked by uid 1000); 8 Sep 2000 07:09:10 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 8 Sep 2000 07:09:10 -0000
Date: Fri, 8 Sep 2000 02:09:10 -0500 (CDT)
From: Mike Silbersack <silby@silby.com>
To: Peter Wemm <peter@netplex.com.au>
Cc: Warner Losh <imp@village.org>, hackers@FreeBSD.ORG
Subject: Re: FYI: RSA Donated to the public domain 
In-Reply-To: <200009070848.e878m5G55687@netplex.com.au>
Message-ID: <Pine.BSF.4.21.0009080202040.55881-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On Thu, 7 Sep 2000, Peter Wemm wrote:

> Mike Silbersack wrote:
> > Ok, now I have a question.  Using STARTTLS with sendmail is obviously OK
> > for us, since sendmail got the export liscense.  However, AFAIK, qmail and
> > postfix have obtained no such permission.
> 
> Postfix has done the BXA hoop thing too.  It is fully exportable (and
> reexportable) and has a TLS etc implementation.
> 
> Cheers,
> -Peter

Excellent, glad that 2/3 MTAs are done.

Now, on to qmail.  I'm assuming that Bernstein won't go through the hassle
of getting approval, especially since I don't know where the snuffle trial
is currently at in appeals.

However, the TLS patch for qmail at
http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch patches cleanly,
and works great.  Like OpenSSH / etc, it uses OpenSSL for all crypto work.

Which of the following options would be legal:

1.  Have the port fetch the patch from the .be site, patch qmail, and
finish building it.

2.  Include a (possibly modified) version of the patch in the ports tree,
which would be applied when building qmail.

(The port makefile would also wish to call the patched qmail makefile to
create a CA during the build process as well.  I'm not sure if that has
additional implications.)

I'm assuming #1's good, since that's how the OpenSSH port worked.  Would
#2 be any different?

Mike "Silby" Silbersack



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message