On Fri, 28 Sep 2001 itojun@iijlab.net wrote:

> >Well, I'd like to use netbsd's pkgsrc to make packages in a commercial
> >product. Some of the packages I'm interested in use openssl, so I'd like
> >to have the commercially-usable version. I also want to minimize drift
> >between my pkgsrc and NetBSD's. When I suggested making an
> >openssl-commercial, I was told instead to just rip out idea & rc5 instead.
>
> 	I vote for openssl-commercial.

Ok. That works too.

> >Also, I'm basing my decision to limit things to no-idea and no-rc5 on
> >comments from the openssl web site. So while I'm not using a review from
> >an in-house lawyer, I am going with what a lot of other folks are doing.
> >:-)
>
> 	do you have any URLs for the "comments"?

http://www.openssl.org/support/faq.html#LEGAL1 lists:

1. Do I need patent licenses to use OpenSSL?

The patents section of the README file lists patents that may apply to you
if you want to use OpenSSL. For information on intellectual property
rights, please consult a lawyer. The OpenSSL team does not offer legal
advice.

You can configure OpenSSL so as not to use RC5 and IDEA by using

./config no-rc5 no-idea


They list patents on the RSA, RC5, and IDEA algorithms. They list RC4 as
being trademarked by RSA Inc.

So I think no-rc5 and no-idea are enough.

Take care,

Bill