Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 25 Mar 1999 09:58:27 -0700 (MST)
From:      Paul Hart <hart@iserver.com>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Kerberos vs SSH
Message-ID:  <Pine.BSF.3.96.990325094344.3073A-100000@anchovy.orem.iserver.com>
In-Reply-To: <Pine.BSF.3.96.990325104851.483B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, 25 Mar 1999, Robert Watson wrote:

> > > There are no licensing costs involved in using ssh1.
> > 
> > This is false, for most reasonable definitions of 'use'.
> > 
> > In particular, the use to which Mike Thompson (the original poster)
> > said he would put the software is explicitly covered in the license
> > for ssh (COPYING in the main ssh source directory) as needing
> > commercial licensing from Data Fellows.
> 
> My impression was that a license was needed from RSA to use RSA public key
> routines commercially.  The Data Fellows purchase would cover that also, I
> believe.

I think this is also only required in countries (such as the US) where the
RSA algorithm is legally patented.  RSA cannot be patented in many other
countries since it was disclosed in a public journal before the patent was
applied for.  As I recall, US patent law allows for a grace period of 12
months after the public disclosure in which to file a patent application
and receive a valid patent (after the typical waiting period of several
years).  But this will all become moot next year when the RSA patent in
the US expires. 

Something else to consider is SSH1's use of IDEA, which is another
patent-protected cipher that could possibly require commercial licensing.
But that's less critical than RSA, since other suitable bulk ciphers are
easily substituted instead.

Paul Hart

--
Paul Robert Hart        ><8>  ><8>  ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8>  ><8>  ><8>        http://www.iserver.com/



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990325094344.3073A-100000>