Subject: Re: quickly find what applications are affected by RSA
To: None <firstname.lastname@example.org>
From: Frederick Bruckman <email@example.com>
Date: 09/08/2000 10:56:30
On Sat, 9 Sep 2000 firstname.lastname@example.org wrote:
> The above 3 items lists the past situation, before the patent
> expiration. sorry if I was not clear enough.
Yes, of course. I misread.
> >> there still are other problems with crypto software:
> >> - export/import regulation in non-US countries
> >This affects some NetBSD users, certainly, but does not affect NetBSD.
> hmm, fine, as we redistribute IPsec-ready kernel source, this is
> not pkgsrc that matters, but the whole NetBSD distribution.
> so, if a country A has regulation on crypto export, they cannot be
> a worldwide-reachable NetBSD mirror server any more. they cannot
> provide NetBSD binary packages as well as 1.5 base system.
> i drop my reasoning from this side.
> >> - other patented algorithms, like IDEA/RC4/RC5
> >I wasn't aware that the algorithms were patented. Are you saying that
> >the openssl distribution in the NetBSD sources violates some patent?
> they are patented (some of the algorithm have "okay for non-commercial"
> clause with them). for example:
> - IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
> - RC5: see RFC2451 p6, or AC 2nd ed page 346
> I (or we) will check and address the issue before 1.5 is out.
Please tell the package maintainers what you find concerning openssl.
We have a LICENSE (fee-based-commercial-use?) mechanism in
pkgsrc/pkgtools which leads to a warning at install time, and can
optionally ban source or binaries on ftp or cdrom (if applicable, but
hopefully not). Would this affect only openssl, or other packages, too?