Date: Tue, 29 Jul 1997 22:01:58 -0500 From: dkelly@hiwaay.net To: freebsd-security@FreeBSD.ORG Subject: Commercial ssh and ssl (was Re: securelevel...) Message-ID: <199707300301.WAA09906@nexgen.hiwaay.net> In-Reply-To: Message from Vincent Poy <vince@mail.MCESTATE.COM> of "Tue, 29 Jul 1997 16:00:38 PDT." <Pine.BSF.3.95.970729155539.3844q-100000@mail.MCESTATE.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote:
>
> On Wed, 30 Jul 1997 sthaug@nethelp.no wrote:
>
> =)[cc list trimmed]
> =)
> =)> I was considering installing ssh but there is only one problem.
> =)> I use Win95 from my own side at times for various reasons as well as
> =)> the other remote admins. So a ssh client does cost money. We're
> =)> volunteers and are not getting paid in any shape or form.
> =)
> =)The ssh client for Windows is $99. Educational sites are eligible for a
> =)50% discount. Or you could run the FreeBSD version - for free.
>
> We're not a Educational site and are not getting paid by GaiaNet.
> We voluntarily help admin the machines remotely. I know the FreeBSD
> version is free but I am not always accessing the machines from the same
> physical location.
Is the FreeBSD ssh really free?
>From /usr/ports/security/ssh/Makefile:
# Don't use IDEA. IDEA can be freely used for non-commercial use. However,
# commercial use may require a licence in a number of countries
and
@echo You must set variable USA_RESIDENT to YES if you are a USA
@echo resident or NO otherwise.
@echo If you are a USA resident you have to get the RSAREF2
@echo library \(RSA Inc. holds a patent on RSA and public key
@echo cypto in general - using RSA implementations other thann
@echo RSAREF will violate the US patent law\)
@echo and extract it to ${WRKSRC}.
Would someone care to correct me if I'm wrong, but don't the above terms
prevent GaiaNet (who presumably charges for services) from using ssh at all
without purchasing a license for RSA and/or IDEA?
Looked into using ssh and SSLeay (in Apache) at work and concluded that if
I'm being paid, its commercial, and licenses are required. And its even
more commercial if my employer is being paid by a customer (US Gov) to
implement. Same for the TIS-FWTK.
Am I applying a stricter interpretation of the non-commercial terms than
appropriate?
Its a shame really, because if the choice boils down to Apache-SSL for $995
on FreeBSD vs. Netscape at $1295 on BSDI, SGI, or Solaris, Netscape will
win. If it was up to The Boss, a Netscape or Microsoft server on NT would
be the only consideration.
I forgot, when does the relavent RSA patent expire? Maybe we can wait until
then. :-)
--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707300301.WAA09906>