Ryan.Russell at SYBASE.COM
Mon Jan 24 13:24:11 EST 2000
>> That problem
>> goes away after September 29th.
>Maybe. that is if the Senators haven't been convinced otherwise by large
>injections of cash into their re-election campaign funds.
Here's a relevent article:
Do I have the date wrong? The article says the 20th. Anyway, the article
certainly doesn't make it sound like RSA is planning to put up a
fight over the patent thing.
I agree, though. The government has repeatedly show it's ability to do really
things. Clinton could declare a state of emerygency to prevent evil Hax0rs from
using the patented algorithm or something.
>Nope, you can't. What is available for USA people is libcryp/libssl based
>on RSAREF. This is legel within the US for ONLY NON-COMMERCIAL use. So if
>you're a company, you can't use it. Therefore, we're in a
>bind. Technically, Nobody (in the US) unless they are private citizens can
>OpenBSD's crypto. So what about the hundreds of corporate users who use
>it (ssh, VPN, SSL) within the united states? They are in
>violation of Patent and could arguably find themselves in legel trouble
>with RSA labs.
What I meant by "patent-free" was that you could get a copy of OpenBSD
without the appropriate crytpo at all, not that one could get a version
with different algorithms... seems to me that one had to download the
libs separately. Maybe that was pre-2.6? You'd know better than I.
>I think it would make sense for a company like ourselves to be the
>distribution point (if you will) of the reworked libcrypt/libssl libraries
>and to sell a US Corporate distribution of OpenBSD for that very purpose.
I think that's a very reasonable business model, but the timing is really
unfortunate. Sure, I'd probably buy a couple if they were available
right now, but I'd be waiting until September to see what happens
before I do any kind of mass deployment. (I'm thinking more of
OpenSSH rather than OpenBSD for "mass deployment", but same
VPN is sponsored by SecurityFocus.COM
More information about the VPN