From owner-freebsd-security  Thu Dec 16 12:45:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8])
	by hub.freebsd.org (Postfix) with ESMTP
	id 52AEB14F0C; Thu, 16 Dec 1999 12:45:29 -0800 (PST)
	(envelope-from matt@zigg.com)
Received: from localhost (matt@localhost)
	by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id PAA45046;
	Thu, 16 Dec 1999 15:44:06 -0500 (EST)
	(envelope-from matt@zigg.com)
Date: Thu, 16 Dec 1999 15:44:00 -0500 (EST)
From: Matt Behrens <matt@zigg.com>
To: Peter Wemm <peter@netplex.com.au>
Cc: Brian Fundakowski Feldman <green@FreeBSD.ORG>,
	Mark Murray <mark@grondar.za>, Kris Kennaway <kris@hub.freebsd.org>,
	security@FreeBSD.ORG
Subject: Re: OpenSSH in the base (was Re: OpenSSL update) 
In-Reply-To: <19991216202404.92CBA1CC6@overcee.netplex.com.au>
Message-ID: <Pine.BSF.4.21.9912161540050.45027-100000@megaweapon.zigg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 17 Dec 1999, Peter Wemm wrote:

> It's not a crypto export problem, it's the RSA patent that's the problem.
> Any code that isn't RSAREF based for RSA support is unusable in the US.  I
> don't think OpenSSL linked against RSAREF is useable for OpenSSH.

Sure it is.  My OpenSSH is linked to OpenSSL is linked to RSAREF (on both
my FreeBSD box and my OpenBSD box).  Of course, the real ugly problem
happens when you want to use RSA commercially in the US -- you
can't.  Noncommercially you can use RSAREF.  Commercially you must get a
license from RSA, which I hear is next to impossible.

OpenBSD's solution to this is to have two packages that you can choose
from at install time -- one without RSAREF or one with.  It explains that
if you are outside the US, use the one without.  Inside and
non-commercial, use the one with.  Inside and commercial -- bzzt! out of
luck. :-(

September 20, 2000 is when the RSA patent expires.

Matt Behrens <matt@zigg.com>
Owner/Administrator, zigg.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE4WU8V+xq4JbgNGlMRAnj7AJ9obT77H5JAUUD2R/aXDfh/167CoACgllWo
78GJriOjBuLcRQ0Ibp9yoVc=
=/D6+
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message