From owner-freebsd-ports Tue Nov 2 7:57:40 1999 Delivered-To: freebsd-ports@freebsd.org Received: from funky.monkey.org (funky.monkey.org [63.77.239.12]) by hub.freebsd.org (Postfix) with ESMTP id 8497B14D5B; Tue, 2 Nov 1999 07:57:16 -0800 (PST) (envelope-from dugsong@monkey.org) Received: by funky.monkey.org (Postfix, from userid 1001) id 57AB215189; Tue, 2 Nov 1999 10:51:44 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by funky.monkey.org (Postfix) with ESMTP id 20FE314A01; Tue, 2 Nov 1999 10:51:43 -0500 (EST) Date: Tue, 2 Nov 1999 10:51:43 -0500 (EST) From: Dug Song To: Niels Provos Cc: security@FreeBSD.ORG, ports@FreeBSD.ORG, markus@openbsd.org Subject: Re: OpenSSH patches In-Reply-To: <199911021446.JAA27912@india.citi.umich.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 2 Nov 1999, Niels Provos wrote: > One of them, already convincing enough by itself, is the free > commercial use. not within the US, though. :-( OpenBSD's OpenSSL relies on the system libcrypto, which uses a different RSA implementation depending on which ssl26 package you've installed. for US users, this is RSAREF (RSA's reference implementation), which is only available for NON-commercial use. in order to use RSAREF (or indeed, any implementation of RSA) commercially, you must buy an RSA license. there is no way around this. any other use of the RSA algorithm within the US is in violation of the RSA patent (though few people seem to care about this in practice - how many illegal SSH installations are out there?). all software that uses RSA is subject to this bogosity, including PGP: http://bs.mit.edu:8001/pgp-form.html http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF -d. --- http://www.monkey.org/~dugsong/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message