From owner-freebsd-current Sat Feb 19 21:52:57 2000 Delivered-To: freebsd-current@freebsd.org Received: from teknos.teknos.com (teknos-gw.nappr.org [216.0.190.254]) by hub.freebsd.org (Postfix) with ESMTP id DD6EA37BDF5; Sat, 19 Feb 2000 21:52:53 -0800 (PST) (envelope-from salaman@teknos.com) Received: by teknos.teknos.com with Internet Mail Service (5.5.2650.21) id <19NW71H3>; Sun, 20 Feb 2000 01:47:48 -0400 Message-ID: <1D45ABC754FB1E4888E508992CE97E4F059CE6@teknos.teknos.com> From: "Victor A. Salaman" To: "'Jordan K. Hubbard'" , Doug Barton Cc: Kris Kennaway , freebsd-current@FreeBSD.ORG Subject: RE: openssl in -current Date: Sun, 20 Feb 2000 01:47:44 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I have a crazy idea, and don't flame me for it... Don't remove OpenSSL from the three... put the whole thing there, the whole openssl distro in the tree. The problem with the patent is not that you CAN'T get the software, the problem is that you can't build with it and use it. But nobody said that you can't have it in the system. It's up to the USA_RESIDENT variable that RSAREF would be built (over the net). The only thing we would need to do is modify sysinstall if you are a USA resident with a disclaimer screen. That way we put the responsability onto the user, not the FreeBSD group. The logic behind this that OpenSSL has a non-restrictive license, so it can be distributed, you just can't build RSA and IDEA in the USA. If it worked otherwise, everyone downloading OpenSSL is violating the law, and OpenSSL would be illegal. When you download OpenSSL, it has the RSA & IDEA code in it, and it has the option to use RSAREF (see!! the user has the option to go with or against the law), but OpenSSL is distributed freely. I think that we are being too cautious for nothing. Let's just put the whole OpenSSL distribution into the system. If something happens, hey, OpenSSL is also breaking the law. What's the worst that can happen, a slap on the wrist? If it's available on the Net at www.openssl.org, and their license says it can be distributed, then it can. It's up to the user to decide if they want to build with RSAREF or not. I think that this would be the best choice, as we need decent crypto in the system, and it would require very minimal effort on our part. And then again, what the heck, we could always make the CD's in Japan and import them, hehe. Jordan, I think is the way to go... And the 2 CD thing is not a good idea. Just my 2 cents. -----Original Message----- From: Jordan K. Hubbard [mailto:jkh@zippy.cdrom.com] Sent: Sunday, February 20, 2000 12:09 AM To: Doug Barton Cc: Kris Kennaway; Victor Salaman; freebsd-current@FreeBSD.ORG Subject: Re: openssl in -current > Kris Kennaway wrote: > > > > On Sat, 19 Feb 2000, Victor Salaman wrote: > > > > > I personally think that it's braindead to add openssl to the system > > > and stripout parts of it (RSA & IDEA). Don't get me wrong, I love to > > > have > > Pardon me for coming late to the party, but what was the rationale behind > putting openssl into the source anyway? Given the rsa/no rsa problems, not > to mention the US vs. the world problems, what were the benefits that > outweighed the complications? Note, I'm not trying to be critical here, I'm > just interested in the thought process behind the decision. I think the idea was to eventually bundle openssh into the system, but this now look comparatively difficult enough that I'm definitely having second thoughts about the whole thing. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message