From owner-freebsd-hackers Fri Sep 8 0: 9:15 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39])
    by hub.freebsd.org (Postfix) with ESMTP id 013A437B423
    for ; Fri, 8 Sep 2000 00:09:13 -0700 (PDT)
Received: (qmail 56413 invoked by uid 1000); 8 Sep 2000 07:09:10 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
    by localhost with SMTP; 8 Sep 2000 07:09:10 -0000
Date: Fri, 8 Sep 2000 02:09:10 -0500 (CDT)
From: Mike Silbersack
To: Peter Wemm
Cc: Warner Losh , hackers@FreeBSD.ORG
Subject: Re: FYI: RSA Donated to the public domain
In-Reply-To: <200009070848.e878m5G55687@netplex.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, 7 Sep 2000, Peter Wemm wrote:

> Mike Silbersack wrote:
> > Ok, now I have a question. Using STARTTLS with sendmail is obviously OK
> > for us, since sendmail got the export license. However, AFAIK, qmail and
> > postfix have obtained no such permission.
>
> Postfix has done the BXA hoop thing too. It is fully exportable (and
> reexportable) and has a TLS etc implementation.
>
> Cheers,
> -Peter

Excellent, glad that 2/3 MTAs are done.

Now, on to qmail. I'm assuming that Bernstein won't go through the hassle of getting approval, especially since I don't know where the snuffle trial is currently at in appeals. However, the TLS patch for qmail at http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch patches cleanly, and works great. Like OpenSSH / etc, it uses OpenSSL for all crypto work.

Which of the following options would be legal:

1. Have the port fetch the patch from the .be site, patch qmail, and finish building it.

2. Include a (possibly modified) version of the patch in the ports tree, which would be applied when building qmail. (The port makefile would also wish to call the patched qmail makefile to create a CA during the build process as well. I'm not sure if that has additional implications.)

I'm assuming #1's good, since that's how the OpenSSH port worked. Would #2 be any different?

Mike "Silby" Silbersack