On Mon, 10 Jan 2000, Ben Laurie wrote:
> Not sure whether its true or not, but so what? We don't have to
> _enforce_ the patent, just provide a way to not violate it, right?
But does the act of producing code which contains non-RSAref RSA code,
even if it's not used, violate the patent? Using a static library this
presumably wouldn't make it into any binaries unless there are internal
references to the "naughty" functions, but I haven't tested this
yet. When/if OpenSSL moves to using shared libraries too (as FreeBSD
does) this becomes a larger issue because the library you ship with your
binary retains the ability to do non-RSAref RSA.
I think it would be much safer against varying legal interpretations to
simply not compile the regular RSA cryptographic code in the case of
-DRSAref. I'll produce a patch tonight which does this.
Kris
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
