Subject: Re: OpenSSL import
To: None <,>
From: Michael C. Richardson <>
List: tech-security
Date: 06/29/1999 22:00:33
>>>>> "Thor" == Thor Lancelot Simon <> writes:
    Thor> On Tue, Jun 29, 1999 at 08:41:31PM -0400, Michael C. Richardson
    Thor> wrote:
    >>  What else should I remove? From comments on the list, I take it that
    >> rc2, rc4, rc5, rsa has to go. Anything else?

    Thor> That is certainly not my position.

    Thor> I would personally be quite happy if you left the current
    Thor> structure, minus code that has patent or other IP issues.  I

  You mean like RSA.

    Thor> personally think that leaving the RSA code in cryptosrc-intl is a
    Thor> good idea, so long as building it can be disabled.  I see no

  But, it has patent issues.

    Thor> problem with having an OpenSSL distribution, minus the code that
    Thor> has known intellectual property issues, in cryptosrc-intl/dist,
    Thor> with reach-across makefiles.  Clearly nothing has to reach into the
    Thor> MD5 or SHA1 subdirectories and duplicate what's already in libc in
    Thor> the built libraries.

    Thor> To my knowledge, the code that has intellectual property problems
    Thor> is:

    Thor> * IDEA (Ascom patents) * MD2 (license does not permit use except
    Thor> with a certain mail package) * RC4 (fine *if you don't call it
    Thor> RC4*; a trademark issue) * RC5 (U.S. patent issued, int'l patents
    Thor> pending AFAICT) * RC2 (trademark issue, as with RC4)

  And, until 2000, RSA.

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: PGP key available.