From owner-freebsd-current  Sat Feb 19 22:52:59 2000
Delivered-To: freebsd-current@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
	by hub.freebsd.org (Postfix) with ESMTP
	id E158237BF34; Sat, 19 Feb 2000 22:52:52 -0800 (PST)
	(envelope-from Doug@gorean.org)
Received: from gorean.org (master [10.0.0.2])
	by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id WAA59366;
	Sat, 19 Feb 2000 22:52:48 -0800 (PST)
	(envelope-from Doug@gorean.org)
Message-ID: <38AF8F40.CB06E7C7@gorean.org>
Date: Sat, 19 Feb 2000 22:52:48 -0800
From: Doug Barton <Doug@gorean.org>
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.7 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway <kris@FreeBSD.org>
Cc: "Victor A. Salaman" <salaman@teknos.com>,
	"'Jordan K. Hubbard'" <jkh@zippy.cdrom.com>,
	freebsd-current@FreeBSD.org
Subject: Re: openssl in -current
References: <Pine.BSF.4.21.0002192215070.8731-100000@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Kris Kennaway wrote:
> 
> On Sun, 20 Feb 2000, Victor A. Salaman wrote:
> 
> > Don't remove OpenSSL from the three... put the whole thing there, the whole
> > openssl distro in the tree. The problem with the patent is not that you
> > CAN'T get the software, the problem is that you can't build with it and use
> > it. But nobody said that you can't have it in the system. It's up to the
> > USA_RESIDENT variable that RSAREF would be built (over the net). The only
> > thing we would need to do is modify sysinstall if you are a USA resident
> > with a disclaimer screen. That way we put the responsability onto the user,
> > not the FreeBSD group.
> 
> This doesn't help. The RSA source not being there isn't the problem, the
> problem is that there are two different binary versions depending on how
> you build it (with rsaref or not).

	So we do what we do with DES. By default you have openssl without RSA, and
the RSA version is available as an after market distribution. All that's
required is the work necessary to make the two openssl distributions. 

	As for the ports, most of the ports that have the ability to use RSA also
have the ability to turn it off (TMK), usually through a configure
--variable. The ones that don't can have warnings spit out. Until the
patent runs out, leaving RSA as a port seems to be the only reasonable
alternative. 

	Once again, I don't think that the problems here are insurmountable, they
will just require some engineering. 

Doug
-- 
"Welcome to the desert of the real." 

    - Laurence Fishburne as Morpheus, "The Matrix"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message