> Agreed. We will not redistribute the IDEA impl, but if users want to go > and get the unmodified BouncyCastle JAR and use it (understanding the > terms under which they received it) then that is fine by us.
Yes, that's exactly what I was thinking of. +1 Thanks, Yuri On 9/18/07, Tim Ellison <[EMAIL PROTECTED]> wrote: > > Yuri Dolgov wrote: > > The JSSE provider is actually support IDEA based cipher suites, but it > > doesn't require IDEA implementation by default. > > Yep, that is what I thought. > > > Moreover, users should be aware if there is IDEA implementation as they > > could implicitly infringe the patent agreements. > > Agreed. We will not redistribute the IDEA impl, but if users want to go > and get the unmodified BouncyCastle JAR and use it (understanding the > terms under which they received it) then that is fine by us. > > Regards, > Tim > > > On 9/18/07, Tim Ellison <[EMAIL PROTECTED]> wrote: > >> There is a discussion over at the incubator general mailing list (e.g. > >> [1]), amongst other places, about the redistribution of BouncyCastle > >> code from ASF machines. > >> > >> The crux is that we can't redistribute BC's IDEA implementation as it > is > >> subject to a known patent for which we don't have a grant/license. > >> > >> We'll have to change our current practice of publishing binaries that > >> include BC unmodified. The resolution seems to be maintaining a local > >> copy of the BC JAR without the offending algorithm. I expect we would > >> have to unsign the JAR too when modified. > >> > >> Do we have any dependencies upon IDEA? I see some references in the > >> JSSE cipher suite code, but likely we don't attempt use it if we don't > >> have it. > >> > >> [1] > >> > >> > http://mail-archives.apache.org/mod_mbox/incubator-general/200709.mbox/[EMAIL > PROTECTED] > >> > >> Regards, > >> Tim > >> > > >
