Subject: Re: OF2.0 and /etc/mk.conf and ACCEPTABLE_LICENSES
To: None <port-macppc@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: port-macppc
Date: 12/21/1999 17:05:54
There are a large number of misconceptions in this thread.  I will
address them all here for my own selfish convenience. :-)

On Tue, Dec 21, 1999 at 12:53:13PM -0800, Henry B. Hotz wrote:
> At 3:48 AM -0800 12/17/99, David Brownlee wrote:
> >	Replying to Gabriel and David in one message here :)
> >
> >On Thu, 16 Dec 1999, gabriel rosenkoetter wrote:
> >> As I understand it, OpenSSH does use OpenSSL, which does use RSAREF2.

OpenSSL *may* use RSAREF2, if you tell it to at configure-time.  This
has variously been broken or required with past OpenSSL revisions;
at the moment I believe it works as intended: that is, you can tell
OpenSSL, when you configure and then compile it, to either use or
not use RSAREF.

> >> The RSAREF2 that's part of OpenSSL, however, is one audited by the

Wrong.  There is no "RSAREF2 that's part of OpenSSL".  OpenSSL
links to whatever RSAREF you tell it to if you tell it to.

> It's my understanding that you can build SSL to only use non-RSA
> cryptography.  In that case the RSA patents are irrelevant and there is no
> need for any RSA library.

That is correct, and in fact OpenSSL in the NetBSD source tree is configured
that way, but such an OpenSSL installation is not useful for implementing
the SSH protocol, because SSHv1 *requires* RSA.  If those functions aren't
in the OpenSSL library (actually, the libcrypto library, which is the
other library supplied by OpenSSL) you lose.  An SSH implementation
really can't use most of the pretty abstractions of SSL; it's basically
going to make calls directly into libcrypto all of the time.

That said, I don't think it's a foregone conclusion that because
the OpenSSL people said that their code is safe from the RSAREF hole,
which it may well be *if you use it for SSL*, some random program
that uses libcrypto, which in turn uses RSAREF, is.  Be very, very
careful when confronted with such claims.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	"And where do all these highways go, now that we are free?"