Subject: Re: quickly find what applications are affected by RSA
To: Frederick Bruckman <fb@enteract.com>
From: None <itojun@iijlab.net>
List: current-users
Date: 09/09/2000 00:35:23
>> the following twist have been removed by the RSA expiration, and
>> recently deregulated :
>> - non-commercials in US can use RSAREF
>> - commercials in US cannot use RSA at all
>> - non-US people should use non-RSAREF RSA source code
>Why do you say that? The formerly patented RSA algorithm (and code) is
>now in the public domain.
The above 3 items lists the past situation, before the patent
expiration. sorry if I was not clear enough.
>> there still are other problems with crypto software:
>> - export/import regulation in non-US countries
>This affects some NetBSD users, certainly, but does not affect NetBSD.
hmm, fine, as we redistribute IPsec-ready kernel source, this is
not pkgsrc that matters, but the whole NetBSD distribution.
so, if a country A has regulation on crypto export, they cannot be
a worldwide-reachable NetBSD mirror server any more. they cannot
provide NetBSD binary packages as well as 1.5 base system.
i drop my reasoning from this side.
>> - other patented algorithms, like IDEA/RC4/RC5
>I wasn't aware that the algorithms were patented. Are you saying that
>the openssl distribution in the NetBSD sources violates some patent?
they are patented (some of the algorithm have "okay for non-commercial"
clause with them). for example:
- IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
- RC5: see RFC2451 p6, or AC 2nd ed page 346
I (or we) will check and address the issue before 1.5 is out.
itojun