Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 2 Nov 1999 12:00:18 -0600 (CST)
From:      James Wyatt <jwyatt@rwsystems.net>
To:        Dug Song <dugsong@monkey.org>
Cc:        Niels Provos <provos@citi.umich.edu>, security@FreeBSD.ORG, ports@FreeBSD.ORG, markus@openbsd.org
Subject:   Re: OpenSSH patches 
Message-ID:  <Pine.BSF.4.10.9911021151531.78894-100000@bsdie.rwsystems.net>
In-Reply-To: <Pine.BSO.4.10.9911021016190.1191-100000@funky.monkey.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Nov 1999, Dug Song wrote:
> On Tue, 2 Nov 1999, Niels Provos wrote:
> > One of them, already convincing enough by itself, is the free
> > commercial use.
> 
> not within the US, though. :-(
> 
> OpenBSD's OpenSSL relies on the system libcrypto, which uses a different
> RSA implementation depending on which ssl26 package you've installed.
> 
> for US users, this is RSAREF (RSA's reference implementation), which is
> only available for NON-commercial use. in order to use RSAREF (or indeed,
> any implementation of RSA) commercially, you must buy an RSA license.
> there is no way around this.
	[ ... ]
> all software that uses RSA is subject to this bogosity, including PGP:
	[ ... ]
> 	http://bs.mit.edu:8001/pgp-form.html
> 	http://www.scramdisk.clara.net/pgpfaq.html#SubRSAREF

I was under the impression that the RSA code was best for ApacheSSL
support and anything else (like ssh) could use several others (DES,
BlowFish, etc...).

I can also more easily get an RSA license because I have to cover it for a
year or so anyway - until the patent expires. Most businesses are used to
paying for the web server certs and licences, but some will balk at
something new. "*What* is this for again? I've never heard of it." - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9911021151531.78894-100000>