Feedback from Ben via legal-discuss, since his httpd-dev list seems
to have fallen over and can't get up.
Bill
--- Begin Message ---
William A. Rowe, Jr. wrote:
> A thread from [EMAIL PROTECTED], we are considering adding a newer algorithm
> to a binary 0.9.8 build of openssl. Introduces a patent question, with
> what is almost but not quite a complete grant of license. Looking for
> any feedback if this would concern us, since Tom raises the point that
> it gets interesting with Firefox 3 possibly using this algorithm.
I should point out that just because some loon contributes an algorithm
to OpenSSL doesn't mean you need to implement it.
If there's any encumbrance, then I see even less reason to implement
(less than "none", that is).
>
> Bill
>
>
>
> ------------------------------------------------------------------------
>
> Subject:
> Re: Thoughts on Camillia in openssl binaries?
> From:
> Tom Donovan <[EMAIL PROTECTED]>
> Date:
> Tue, 18 Sep 2007 16:19:55 -0400
> To:
> dev@httpd.apache.org
>
> To:
> dev@httpd.apache.org
>
>
> William A. Rowe, Jr. wrote:
>> Two questions, one technical one legal.
>>
>> Technically, do we want to enable the Camillia algorithms in our
>> binary builds of openssl 0.9.8 for win32 and other platforms where
>> we might build it?
>>
>> Legally are we satisfied by
>> http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
>> ? There is a small clause about permission needed to export from
>> JP, which would mean if a JP site redistributed our binary (e.g.
>> reexported it) it might cause them a hassle.
>>
>> Bill
>>
> Seems reasonable in anticipation of it becoming supported in FireFox 3.
>
> FYI - enabling camellia works well with Apache 2.2.4/mod_ssl on Windows
> to the NTT test site - https://info.isl.ntt.co.jp/crypt/eng/camellia.
> The selected Cipher Suite is TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA.
>
> On a slightly-related note; it might also be a good change to statically
> link zlib into OpenSSL to avoid the need for zlib1.dll. Doing so adds
> about 40kb to the size of libeay32.dll vs. shipping the 58kb zlib1.dll.
>
> I think rle compression (which is always available) or no-compression
> gets used for SSL in most cases anyway. Many Windows users delete
> zlib1.dll and never notice its absence.
>
> PERL Configure VC-WIN32 enable-camellia zlib
> --with-zlib-lib=../zlib/zlib.lib --with-zlib-include=../zlib
>
> -tom-
>
>
>
>
> ------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> DISCLAIMER: Discussions on this list are informational and educational
> only. Statements made on this list are not privileged, do not
> constitute legal advice, and do not necessarily reflect the opinions
> and policies of the ASF. See <http://www.apache.org/licenses/> for
> official ASF policies and documents.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
--- End Message ---
