Subject: Re: quickly find what applications are affected by RSA
To: Frederick Bruckman <firstname.lastname@example.org>
From: None <email@example.com>
Date: 09/09/2000 01:08:19

>> >> - other patented algorithms, like IDEA/RC4/RC5
>> >I wasn't aware that the algorithms were patented. Are you saying that
>> >the openssl distribution in the NetBSD sources violates some patent?
>> they are patented (some of the algorithms have an "okay for non-commercial"
>> clause with them). for example:
>> - IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
>> - RC5: see RFC2451 p6, or AC 2nd ed page 346
>> I (or we) will check and address the issue before 1.5 is out.
>Please tell the package maintainers what you find concerning openssl.
>We have a LICENSE (fee-based-commercial-use?) mechanism in
>pkgsrc/pkgtools which leads to a warning at install time, and can
>optionally ban source or binaries on ftp or cdrom (if applicable, but
>hopefully not). Would this affect only openssl, or other packages, too?

it affects other packages too. I do not have a comprehensive list
of algorithms/packages, but here are examples (RSA is now a non-issue):
- IDEA and RSA are used in the SSH1 protocol, and SSH1 ships and uses
IDEA by default. (OpenSSH does not ship IDEA and does not use IDEA)
- IDEA and RSA are used in the packet format used with PGP2, and
PGP2 uses and ships IDEA by default.
life is not that easy...