Subject: Re: quickly find what applications are affected by RSA
To: None <>
From: Frederick Bruckman <>
List: current-users
Date: 09/08/2000 10:56:30
On Sat, 9 Sep 2000 wrote:

> 	The above 3 items lists the past situation, before the patent
> 	expiration.  sorry if I was not clear enough.

Yes, of course. I misread.

> >> 	there still are other problems with crypto software:
> >> 	- export/import regulation in non-US countries
> >This affects some NetBSD users, certainly, but does not affect NetBSD.
> 	hmm, fine, as we redistribute IPsec-ready kernel source, this is
> 	not pkgsrc that matters, but the whole NetBSD distribution.
> 	so, if a country A has regulation on crypto export, they cannot be
> 	a worldwide-reachable NetBSD mirror server any more.  they cannot
> 	provide NetBSD binary packages as well as 1.5 base system.
> 	i drop my reasoning from this side.

> >> 	- other patented algorithms, like IDEA/RC4/RC5
> >I wasn't aware that the algorithms were patented. Are you saying that
> >the openssl distribution in the NetBSD sources violates some patent?
> 	they are patented (some of the algorithm have "okay for non-commercial"
> 	clause with them).  for example:
> 	- IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
> 	- RC5: see RFC2451 p6, or AC 2nd ed page 346
> 	I (or we) will check and address the issue before 1.5 is out.

Please tell the package maintainers what you find concerning openssl.
We have a LICENSE (fee-based-commercial-use?) mechanism in
pkgsrc/pkgtools which leads to a warning at install time, and can
optionally ban source or binaries on ftp or cdrom (if applicable, but
hopefully not). Would this affect only openssl, or other packages, too?