From owner-freebsd-current  Wed May 17  1: 3:45 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8036437B789; Wed, 17 May 2000 01:03:42 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id BAA05619;
	Wed, 17 May 2000 01:03:42 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 17 May 2000 01:03:41 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: current@freebsd.org
Subject: Re: OpenSSH 2.1 
In-Reply-To: <11790.958549960@localhost>
Message-ID: <Pine.BSF.4.21.0005170055580.4558-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 17 May 2000, Jordan K. Hubbard wrote:

> OK, if OpenSSL still contains crypto then "never mind"; I thought
> OpenSSL used *only* RSA and it used it through the RSAstubs code,
> making it "OK."

OpenSSL is a general-purpose cryptography toolkit which includes such
goodies as Blowfish, CAST, DES, Diffie-Hellman, DSA, RC[245], and..oh yes,
RSA :-)

> > today as well (after you've checked and got that legal advice I've been
> > bugging you about :)
> 
> I'm working on the legal advice; a firm has been retained and
> consulted.  Some paperwork needs to be done in order to get FreeBSD an
> export permit and I'm still working on figuring out if this will be an
> ongoing issue or we can just do it once.

Whee! Great news!

Once you get the legal issues sorted out, we can finally merge the
internat and freefall crypto repositories so there's just one source of
crypto. I think the only (legitimate) difference between the two is a
single file, rsa_eay.c, which contains the actual RSA crypto on internat.
We can put that into its own cvsup collection (cvs-crypto-rsa) which won't
be installed by default (and won't build anyway for USA_RESIDENT=="YES"),
and which mirrors don't have to replicate. I think that should take care
of all of the legal issues.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message