Subject: Re: quickly find what applications are affected by RSA
To: Frederick Bruckman <>
From: None <>
List: current-users
Date: 09/09/2000 00:35:23
>> 	the following twist have been removed by the RSA expiration, and
>> 	recently deregulated :
>> 	- non-commercials in US can use RSAREF
>> 	- commercials in US cannot use RSA at all
>> 	- non-US people should use non-RSAREF RSA source code
>Why do you say that? The formerly patented RSA algorithm (and code) is
>now in the public domain.

	The above 3 items lists the past situation, before the patent
	expiration.  sorry if I was not clear enough.

>> 	there still are other problems with crypto software:
>> 	- export/import regulation in non-US countries
>This affects some NetBSD users, certainly, but does not affect NetBSD.

	hmm, fine, as we redistribute IPsec-ready kernel source, this is
	not pkgsrc that matters, but the whole NetBSD distribution.
	so, if a country A has regulation on crypto export, they cannot be
	a worldwide-reachable NetBSD mirror server any more.  they cannot
	provide NetBSD binary packages as well as 1.5 base system.
	i drop my reasoning from this side.

>> 	- other patented algorithms, like IDEA/RC4/RC5
>I wasn't aware that the algorithms were patented. Are you saying that
>the openssl distribution in the NetBSD sources violates some patent?

	they are patented (some of the algorithm have "okay for non-commercial"
	clause with them).  for example:
	- IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
	- RC5: see RFC2451 p6, or AC 2nd ed page 346
	I (or we) will check and address the issue before 1.5 is out.