current-users: Re: quickly find what applications are affected by RSA

Subject: Re: quickly find what applications are affected by RSA
To: Frederick Bruckman <fb@enteract.com>
From: None <itojun@iijlab.net>
List: current-users
Date: 09/09/2000 01:08:19

>> >> 	- other patented algorithms, like IDEA/RC4/RC5
>> >I wasn't aware that the algorithms were patented. Are you saying that
>> >the openssl distribution in the NetBSD sources violates some patent?
>> 	they are patented (some of the algorithm have "okay for non-commercial"
>> 	clause with them).  for example:
>> 	- IDEA: see RFC2451 p7, or Applied Cryptography (2nd ed) page 325
>> 	- RC5: see RFC2451 p6, or AC 2nd ed page 346
>> 	I (or we) will check and address the issue before 1.5 is out.
>Please tell the package maintainers what you find concerning openssl.
>We have a LICENSE (fee-based-commercial-use?) mechanism in
>pkgsrc/pkgtools which leads to a warning at install time, and can
>optionally ban source or binaries on ftp or cdrom (if applicable, but
>hopefully not). Would this affect only openssl, or other packages, too?

	it affects other packages too.  I do not have comprehensive list
	of algorithms/packages, but here are examples (RSA is now non-issue):
	- IDEA and RSA are used in SSH1 protocol, and SSH1 ships and uses
	  IDEA by default.  (OpenSSH does not ship IDEA and does not use IDEA)
	- IDEA and RSA are used in packet format used with PGP2, and
	  PGP2 uses and ships IDEA by default.
	life is not that easy...

itojun