Subject: Re: Background on cryptosrc-intl proposal
To: Michael C. Richardson <>
From: Thor Lancelot Simon <>
List: tech-security
Date: 06/23/1999 12:52:28
On Wed, Jun 23, 1999 at 12:39:28PM -0400, Michael C. Richardson wrote:
> >>>>> "Thor" == Thor Lancelot Simon <> writes:
>     Thor> Please keep in mind that it's not really acceptable to import
>     Thor> anything which would cause the system, when built as a binary
>     Thor> distribution and shipped by an arbitrary vendor, to violate
>     Thor> intellectual property laws.  For example, RSA may be out of the
>     Thor> question until the patent expires, and IDEA certainly is.
>   1) The RSA patent was thrown out of court in the UK, and has never been
> 	tested as a result in any other European court. 
>   2) DSS/DH exists as an alternative.

Yes.  The "DSS/DH only OpenSSL" sounds like a good alternative to me.

>   3) the RSA patent expires next year

Yes, on September 29, 2000.  Believe me, I am tremendously aware of this date.

We also can't legally distribute something called "RC4", or various other
trademarked names.  Which isn't to say we'd have to, to ship OpenSSL, just
that we need to be careful to avoid it.

>   4) openssl can be built with RSAREF

Which it still isn't legal to use like you can use the rest of the NetBSD
source tree.

I am very eager to see strong crypto in the NetBSD tree.  However, I am *not*
so eager to see strong crypto in the NetBSD tree that I think the terms of
use of part of the NetBSD tree should be radicaly different from anything
we've distributed before -- causing a default binary distribution to not be
legally useful for many of the purposes for which it was before -- just to
have one particular package in the distribution.

Please remember: the current plan is to build release distributions with
what ends up in "cryptosrc-intl".  This precludes software whose license
terms don't meet current Project standards...