From owner-freebsd-security Tue Jul 29 20:32:37 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id UAA03805 for security-outgoing; Tue, 29 Jul 1997 20:32:37 -0700 (PDT) Received: from fly.HiWAAY.net (root@fly.HiWAAY.net [208.147.154.56]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA03797 for ; Tue, 29 Jul 1997 20:32:34 -0700 (PDT) Received: from nexgen.hiwaay.net by fly.HiWAAY.net; (8.8.6/1.1.8.2/21Sep95-1003PM) id WAA31800; Tue, 29 Jul 1997 22:31:41 -0500 (CDT) Received: from nexgen (localhost [127.0.0.1]) by nexgen.hiwaay.net (8.8.6/8.8.4) with ESMTP id WAA09906 for ; Tue, 29 Jul 1997 22:01:58 -0500 (CDT) Message-Id: <199707300301.WAA09906@nexgen.hiwaay.net> X-Mailer: exmh version 2.0zeta 7/24/97 To: freebsd-security@FreeBSD.ORG From: dkelly@hiwaay.net Subject: Commercial ssh and ssl (was Re: securelevel...) In-reply-to: Message from Vincent Poy of "Tue, 29 Jul 1997 16:00:38 PDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 29 Jul 1997 22:01:58 -0500 Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Vincent Poy wrote: > > On Wed, 30 Jul 1997 sthaug@nethelp.no wrote: > > =)[cc list trimmed] > =) > =)> I was considering installing ssh but there is only one problem. > =)> I use Win95 from my own side at times for various reasons as well as > =)> the other remote admins. So a ssh client does cost money. We're > =)> volunteers and are not getting paid in any shape or form. > =) > =)The ssh client for Windows is $99. Educational sites are eligible for a > =)50% discount. Or you could run the FreeBSD version - for free. > > We're not a Educational site and are not getting paid by GaiaNet. > We voluntarily help admin the machines remotely. I know the FreeBSD > version is free but I am not always accessing the machines from the same > physical location. Is the FreeBSD ssh really free? >From /usr/ports/security/ssh/Makefile: # Don't use IDEA. IDEA can be freely used for non-commercial use. However, # commercial use may require a licence in a number of countries and @echo You must set variable USA_RESIDENT to YES if you are a USA @echo resident or NO otherwise. @echo If you are a USA resident you have to get the RSAREF2 @echo library \(RSA Inc. holds a patent on RSA and public key @echo cypto in general - using RSA implementations other thann @echo RSAREF will violate the US patent law\) @echo and extract it to ${WRKSRC}. Would someone care to correct me if I'm wrong, but don't the above terms prevent GaiaNet (who presumably charges for services) from using ssh at all without purchasing a license for RSA and/or IDEA? Looked into using ssh and SSLeay (in Apache) at work and concluded that if I'm being paid, its commercial, and licenses are required. And its even more commercial if my employer is being paid by a customer (US Gov) to implement. Same for the TIS-FWTK. Am I applying a stricter interpretation of the non-commercial terms than appropriate? Its a shame really, because if the choice boils down to Apache-SSL for $995 on FreeBSD vs. Netscape at $1295 on BSDI, SGI, or Solaris, Netscape will win. If it was up to The Boss, a Netscape or Microsoft server on NT would be the only consideration. I forgot, when does the relavent RSA patent expire? Maybe we can wait until then. :-) -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system.