Date: Fri, 14 Jul 2000 17:58:36 -0400 (EDT) From: Robert Watson <rwatson@FreeBSD.org> To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libutil realhostname.c Message-ID: <Pine.NEB.3.96L.1000714174430.99434B-100000@fledge.watson.org> In-Reply-To: <200007142120.RAA88541@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 14 Jul 2000, Garrett Wollman wrote:
> <<On Fri, 14 Jul 2000 15:55:58 -0400 (EDT), Robert Watson <rwatson@FreeBSD.org> said:
>
> > The only licensing problem I know about is the dependence on RSA, which
> > goes away soon. Is there another licensing problem I don't know
> > about?
>
> The license for the actual implementation was, last time someone
> looked into this, fairly nasty (read: unacceptable to the Project).
> It's possible that recent values of BIND have fixed this. On the
> other hand, I've heard complaints that the ISC has started applying an
> unacceptable license to their recent releases of other software, in
> which case we may be screwed totally.
The license I found on the BIND9 release candidate was:
Copyright (C) 1996-2000 Internet Software Consortium.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
SOFTWARE.
In addition, elements of BIND's DNSSEC support rely on the TIS digital
signature toolkit (dst), which falls under the following license:
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
Later on, some of the copyrighting changed to NAI, after NAI acquired TIS:
* Portions Copyright (C) 1999, 2000 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
But the license terms remained the same.
I don't see any problem with that license. The only real issues I was
aware of were:
1) RSA patent -- this goes away in September, and not only that but I
believe a license was negotiated to allow free use of the RSA algorithm
for the purposes of supporting DNSsec.
The normal RSA license for dnssafe is:
/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
unpublished work protected as such under copyright law. This work
contains proprietary, confidential, and trade secret information of
RSA Data Security, Inc. Use, disclosure or reproduction without the
express written authorization of RSA Data Security, Inc. is
prohibited.
However, the negotiated license for BIND permits redistribution as part of
BIND. I.e., there was express written authorization. With Openssl as an
option here (BIND9), and supported in the build, I believe this is ok, as
dnssafe would not be used. And once September passes, the patent risk
goes away.
2) Export issues -- an export license was negotiated to allow RSA to be
exported when used for DNSsec. And this issue is also going away.
And those both relate to RSA, whereas DSA is also supported for DNSsec
since it only does authenticity, not privacy.
I've e-mailed the DNSEXT working group chair, a developer on the BIND9
DNSsec code, for some clarification, and will get back to you ASAP.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1000714174430.99434B-100000>