On Fri, 7 Jul 2000, Karl J. Runge wrote:
>
> On Fri, 07 Jul 2000, Paul Lussier <[EMAIL PROTECTED]> wrote:
> >
> > It's not so much the patent issue with ssh, it's that they use the RSARef
> > libs, which have a big, wide, gaping security hole in them. OpenSSH doesn't,
> > and is fully interoperable.
>
> Please note that ssh does *not* use RSAREF by default, it uses its own
> internal implementation. You have to turn RSAREF on during configure
> with --with-rsaref
Perhaps so... but at least for a very long time, the OpenSSH mirror list
indicated that (at least some, specified) US mirror sites compiled OpenSSH
with RSARef. I haven't been to the web page for a while, so this may have
changed. I'm not sure.
IIRC RSA also has made the assertion that in the United States you are
violating their patents if you use an implementation of their libraries
that was not licensed from them, or some such nonsense. I also believe
that this claim is not enforceable in a court of law, but I don't remember
why I believe that. I'm nearly positive that it's as a result of
something I read while I was investigating PGP. But no, I don't have
links. You could try MIT's PGP homepage... But I don't have the URL for
that either. It may not even still be there.
And, as always, the IANAL disclaimer applies.. :)
--
Derek Martin
System Administrator
Mission Critical Linux
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
