On Mon, Feb 21, 2000 at 01:28:34AM -0700, Warner Losh wrote:
One thing to keep in mind is that on Sept 8, 2000 the patent for RSA
expires and this whole mess goes away. Or at least devolves into the
usual crypto export mess rather than the crypto export plus rsa patent
law plus rsaref
It would obviously not be hard to write a set of stubs for these
things, getting those stubs called selectively in the "no real RSA"
case also not being very difficult. One way would be to put them in a
lower version-numbered shared lib, like OpenBSD did it, so that the
application would
I have just read several documents from www.eff.org, www.rsa.com, and
www.openssl.org and have failed to find anything in there, that forbids us
from not using openssl's RSA version. RSA has a patent for the algorithm,
and they have provided a reference implementation to help the adoption of
In message [EMAIL PROTECTED] "David O'Brien" writes:
: Which OpenBSD has done -- so why was it so easy for them? They have the
: *same* rules to live by that we have -- even though they are Canadian,
: the rsaref libs came from USA, thus they cannot be exported from Canada.
No. The RSA that
* From: "Jordan K. Hubbard" [EMAIL PROTECTED]
* This is just wrong. If I go to build openssh then I expect it to DTRT
* with openssl whether or not openssl depends on RSA, I don't expect to
* go have to install a package manually and then continue with my build.
In case you can't get that
"Jordan K. Hubbard" [EMAIL PROTECTED] writes:
I'm not totally inflexible about making the engineering vs user
argument either, don't get me wrong, but this one is perilously in the
middle and bringing something like openssh in as a companion to
openssl would certainly raise my estimation of
On Sun, Feb 20, 2000 at 06:06:17PM -0800, Jordan K. Hubbard wrote:
It would obviously not be hard to write a set of stubs for these
things, getting those stubs called selectively in the "no real RSA"
case also not being very difficult. One way would be to put them in a
lower version-numbered
On 21 Feb 00, at 20:57, Dan Langille wrote:
On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
Christian Weisgerber wrote:
binary installation:
- before: user needs to install openssl port
- now: user needs to install openssl package
Where is the openssl package, and what
One thing to keep in mind is that on Sept 8, 2000 the patent for RSA
expires and this whole mess goes away. Or at least devolves into the
usual crypto export mess rather than the crypto export plus rsa patent
law plus rsaref license jumping.
Warner
To Unsubscribe: send mail to [EMAIL
In message [EMAIL PROTECTED] "David O'Brien" writes:
: On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
:
: 1. They're in Canada
:
: What does that buy them? They have the same restrictions on rsaref since
: it originated from the USA.
They don't use rsaref.
: 2. What
On Mon, 21 Feb 2000, Daniel C. Sobral wrote:
Christian Weisgerber wrote:
binary installation:
- before: user needs to install openssl port
- now: user needs to install openssl package
Where is the openssl package, and what it is called?
http://www.freebsd.org/~kris/openssl/
Dan Langille wrote:
On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
Christian Weisgerber wrote:
binary installation:
- before: user needs to install openssl port
- now: user needs to install openssl package
Where is the openssl package, and what it is called?
Kris Kennaway wrote:
Christian Weisgerber wrote:
binary installation:
- before: user needs to install openssl port
- now: user needs to install openssl package
Where is the openssl package, and what it is called?
http://www.freebsd.org/~kris/openssl/
That's not
On Mon, Feb 21, 2000 at 01:38:29AM -0700, Warner Losh wrote:
: 1. They're in Canada
:
: What does that buy them? They have the same restrictions on rsaref since
: it originated from the USA.
They don't use rsaref.
Well if they don't use rsaref, they offer it -- or are you telling me
In FreeBSD's case, however, the conservative approach has landed us in
"no man's land", where openssl can neither be wholly justified or
dismissed, and I think that's a fundamental issue which needs to be
addressed. I've seen Kris's arguments about how integrating openssl
is a useful first
Today Kris Kennaway wrote:
I'm also assuming that if I have openssl installed via the base system
and USA_RESIDENT=YES in /etc/make.conf, going off to make openssh will
cause it to build rsaref on my behalf just like it used to? I'd hate
to have something become manual which was
On Sun, Feb 20, 2000 at 01:12:48PM -0800, David O'Brien wrote:
How does OpenBSD deal with it? Why is it so easy for them?
Their main repositories lie in Canada and not the United States of
Anti-encryption? :-)
/wild guess that just might be right
--
Will Andrews [EMAIL PROTECTED]
GCS/E/S
On Sat, Feb 19, 2000 at 08:27:48PM -0800, Kris Kennaway wrote:
How does OpenBSD do it? Can't we do what they do?
They do a worse job than us is the short answer.
That is not a very helpful answer. Care to provide details?
--
-- David([EMAIL PROTECTED])
On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
1. They're in Canada
What does that buy them? They have the same restrictions on rsaref since
it originated from the USA.
2. What they do appears to be kind of icky, e.g. it requires more
"hand work" than I think the
On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
1. They're in Canada
What does that buy them? They have the same restrictions on rsaref since
it originated from the USA.
I don't believe they're under the same legal gun when it comes to the
patent issues. This isn't
On Sun, 20 Feb 2000, David O'Brien wrote:
2. What they do appears to be kind of icky, e.g. it requires more
"hand work" than I think the average FreeBSD user would be willing
to accept
By handwork you mean building, or installing? When I put OpenBSD 2.6 on
my sparc5, I did a
On Sun, 20 Feb 2000, David O'Brien wrote:
On Sun, Feb 20, 2000 at 12:52:49AM -0800, Kris Kennaway wrote:
No, because openssl is compiled differently if rsaref is present or not -
it's not just a matter of dropping in librsaref.so (we can't always just
build the version with RSAref stubs
At 10:17 PM 2/19/00 -0800, Kris Kennaway wrote:
This doesn't help. The RSA source not being there isn't the problem, the
problem is that there are two different binary versions depending on how
you build it (with rsaref or not). Source code builds aren't a problem,
they already work fine, it's
David O'Brien [EMAIL PROTECTED] wrote:
How does OpenBSD deal with it? Why is it so easy for them?
0. RSA situation
In the USA, the RSA algorithm(!) is patented by RSA Inc. It doesn't
matter where the actual code is from, any use of RSA needs permission
by the patent holder. RSA Inc. provides
"Christian" == Christian Weisgerber [EMAIL PROTECTED] writes:
Christian Commercial users need to get
Christian an explicit license from RSA Inc., which from what I
Christian hear you can't get in practice.
Correct. The only option for commercial software (in the US) is to
license
David O'Brien [EMAIL PROTECTED] wrote:
What I don't know is how OpenBSD builds the two sets of bits, I do know
how easy it was for me as a user to install 2.6 and get a RSA enabled
crypto lib.
Alas, if I understand Jordan correctly, he objects exactly to this
additional installation step
Jeffrey J. Mountin [EMAIL PROTECTED] wrote:
My big question is - Do we really want to force a 'make world' on those
that want RSA support in openssl?
We don't want to and WE DON'T DO.
That would be ugly, when before it was simply the matter of building only
two ports.
binary
0. RSA situation
[ a very nice point-for-point analysis of the situation elided ]
Christian,
Thank you for this summary; it helps a lot to have all the relevant
information presented in one place like this. Now we can begin
cutting to the heart of this matter, which I'll do in the form of
OK, I've dinked around with this some more and I think I might have at
least a partial solution to this whole mess (it still doesn't make
openssl actually useful to us, it just makes it less annoying :).
First, apply the following patch:
Index: Makefile
On 2000-Feb-21 13:09:21 +1100, "Jordan K. Hubbard" [EMAIL PROTECTED] wrote:
Simply swapping one openssl library for another ...
If we're going to go with that level of packaging granularity
then openssl belongs as a package and should not be part of the
bindist, end of story
This sounds
Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
at this point. The situation with RSA makes this far more problematic
than I think anyone first thought, and I've seen a lot of breakage so
far for what appears to be comparatively little gain over what we had
before
On Sun, 20 Feb 2000, Jeffrey J. Mountin wrote:
Considering that building and installing world takes quite a while, it
would be nice to have a simple way, so wonder if a simple 'make all
install' in secure/usr.bin/openssl will do it for everything that depends
on openssl. Chapter 6.5 of the
On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
Christian Weisgerber wrote:
binary installation:
- before: user needs to install openssl port
- now: user needs to install openssl package
Where is the openssl package, and what it is called?
security/openssl
--
Dan Langille - DVL
So do I. Unfortunately our hands are tied - the version of FreeBSD
distributed in the US must not contain these because they are patented
technologies and not available for unrestricted use. Unfortunately this is
also the same version distributed worldwide on FreeBSD CDs, install
At this
It already does this if you get your crypto from internat. US mirror sites
only carry the neutered (no-RSA) version, but internat carries RSA and
builds it conditional on USA_RESIDENT.
And why don't the USA sites have the RSAREF version? I'm still not
sure I understand the
K. Hubbard; Doug Barton; Victor Salaman;
[EMAIL PROTECTED]
Subject: Re: openssl in -current
On Sun, 20 Feb 2000, Garance A Drosihn wrote:
This will be a lot easier once the patent expires. We would probably
Yes.
be better off sticking with the ports-version until then, so we don't
have to
The whole RSA scheme is bogus, because anyone in the world can get an
implementation of RSA, so it's widely accessible, so why all this
RSAREF/non-RSAREF mumbo-jumbo?
Because US patent law is pretty dumb :)
--mike
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
The questions which aren't being answered here are "what use is OpenSSL
without RSA"
To ports, not much - with the exception of one or two, they all require
RSA.
Intrinsically, a lot. I have big plans for using openssl in the base
system, and if
On Sat, 19 Feb 2000, Victor Salaman wrote:
I personally think that it's braindead to add openssl to the system
and strip out parts of it (RSA IDEA). Don't get me wrong, I love to
have
So do I. Unfortunately our hands are tied - the version of FreeBSD
distributed in the US must not contain
se, this all begs the question as to whether or not the current
DES/openssl division is even meaningful now. The DES code we have in
the tree is rapidly falling under the radar of what the US government
considers interesting and this whole openssl thing is over a patent,
which is in a rather different c
At 10:31 PM -0800 2/19/00, Kris Kennaway wrote:
if 4.0 is delayed, I want it delayed for things which are actually busted,
and not to move features from the ports collection to the base system.
No-one's talking about delaying 4.0.
Not directly, but all the work trying to figure this out is
This message was sent from Geocrawler.com by "Victor Salaman" [EMAIL PROTECTED]
Be sure to reply to that address.
I personally think that it's braindead to add
openssl to the system and strip out parts of it
(RSA IDEA). Don't get me wrong, I love to have
openssl inside the system, it's just
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
At this stage, I'm ready to have two different CD products for
international and domestic use. I can also ensure that the
appropriate ISO images are made available from the US and
internat.freebsd.org, along with the distribution bits. What we
t sometime (*nudge*).
3. I add another "crypto" flag for this chunk of stuff in the
now-not-very-well-named des/ distribution directory and add
sysinstall menu entries for it appropriately.
Of course, this all begs the question as to whether or not the current
DES/openssl divi
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
It already does this if you get your crypto from internat. US mirror sites
only carry the neutered (no-RSA) version, but internat carries RSA and
builds it conditional on USA_RESIDENT.
And why don't the USA sites have the RSAREF version?
Building with rsaref can't be the default case, because it's restrictively
licensed and not legal for some people to use.
It's trying to figure out who "some" people are and how to address the
needs of people who don't fit that category that I'm still having a
hard time with here. If I have
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
Building with rsaref can't be the default case, because it's restrictively
licensed and not legal for some people to use.
It's trying to figure out who "some" people are and how to address the
needs of people who don't fit that category that
Kris Kennaway wrote:
On Sat, 19 Feb 2000, Victor Salaman wrote:
I personally think that it's braindead to add openssl to the system
and strip out parts of it (RSA IDEA). Don't get me wrong, I love to
have
Pardon me for coming late to the party, but what was the rationale
Kris Kennaway wrote:
On Sat, 19 Feb 2000, Victor Salaman wrote:
I personally think that it's braindead to add openssl to the system
and strip out parts of it (RSA IDEA). Don't get me wrong, I love to
have
Pardon me for coming late to the party, but what was the rationale
Having _a_ general-purpose cryptography toolkit in the base system allows
us to add in all sorts of cool things to FreeBSD (https support for fetch,
openssh, random cryptographic enhancements elsewhere). OpenSSL just
happens to be the only decent freely-available (BSDL) toolkit.
And I still
How does OpenBSD do it? Can't we do what they do?
On 20-Feb-00 Jordan K. Hubbard wrote:
Kris Kennaway wrote:
On Sat, 19 Feb 2000, Victor Salaman wrote:
I personally think that it's braindead to add openssl to the system
and strip out parts of it (RSA IDEA). Don't get me wrong, I
On Sat, 19 Feb 2000, William Woods wrote:
How does OpenBSD do it? Can't we do what they do?
They do a worse job than us is the short answer.
Kris
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer
How does OpenBSD do it? Can't we do what they do?
1. They're in Canada
2. What they do appears to be kind of icky, e.g. it requires more
"hand work" than I think the average FreeBSD user would be willing
to accept (or the average developer would be willing to see in the
tree in such a
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
at this point. The situation with RSA makes this far more problematic
than I think anyone first thought, and I've seen a lot of breakage so
far for what appears to be
Kris Kennaway wrote:
On Sat, 19 Feb 2000, Doug Barton wrote:
Pardon me for coming late to the party, but what was the
rationale behind putting openssl into the source anyway? Given the
rsa/no rsa problems, not to mention the US vs. the world problems,
what were the benefits
-
From: Jordan K. Hubbard [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 20, 2000 12:09 AM
To: Doug Barton
Cc: Kris Kennaway; Victor Salaman; [EMAIL PROTECTED]
Subject: Re: openssl in -current
Kris Kennaway wrote:
On Sat, 19 Feb 2000, Victor Salaman wrote:
I personally think
56 matches