On Sat, 4 Mar 2000, Joseph T. Lee wrote:
> On Mon, Feb 21, 2000 at 01:28:34AM -0700, Warner Losh wrote:
> > One thing to keep in mind is that on Sept 8, 2000 the patent for RSA
> > expires and this whole mess goes away. Or at least devolves into the
> > usual crypto export mess rather than the c
On Mon, Feb 21, 2000 at 01:28:34AM -0700, Warner Losh wrote:
> One thing to keep in mind is that on Sept 8, 2000 the patent for RSA
> expires and this whole mess goes away. Or at least devolves into the
> usual crypto export mess rather than the crypto export plus rsa patent
> law plus rsaref lic
> I have just read several documents from www.eff.org, www.rsa.com, and
> www.openssl.org and have failed to find anything in there, that forbids us
> from not using openssl's RSA version. RSA has a patent for the algorithm,
> and they have provided a reference implementation to help the adoption
> It would obviously not be hard to write a set of stubs for these
> things, getting those stubs called selectively in the "no real RSA"
> case also not being very difficult. One way would be to put them in a
> lower version-numbered shared lib, like OpenBSD did it, so that the
> application woul
< said:
> Perhaps we should send e-mail to RSA to clarify this, and in light of this,
> ask for permission to distribute RSA with the base OS. Gee, we can get RSA
> anyway, so what's the point on making harder?
Heh.
A couple of years ago, RSA Data Security, Inc., was purchased by
another compan
On Sun, Feb 20, 2000 at 06:06:17PM -0800, Jordan K. Hubbard wrote:
> It would obviously not be hard to write a set of stubs for these
> things, getting those stubs called selectively in the "no real RSA"
> case also not being very difficult. One way would be to put them in a
> lower version-numbe
On Mon, Feb 21, 2000 at 01:38:29AM -0700, Warner Losh wrote:
> : > 1. They're in Canada
> :
> : What does that buy them? They have the same restrictions on rsaref since
> : it originated from the USA.
>
> They don't use rsaref.
Well if they don't use rsaref, they offer it -- or are you telling
Kris Kennaway wrote:
>
> > Christian Weisgerber wrote:
> > >
> > > binary installation:
> > > - before: user needs to install openssl port
> > > - now: user needs to install openssl package
> >
> > Where is the openssl package, and what is it called?
>
> http://www.freebsd.org/~kris/openssl/
Dan Langille wrote:
>
> On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
>
> > Christian Weisgerber wrote:
> > >
> > > binary installation:
> > > - before: user needs to install openssl port
> > > > - now: user needs to install openssl package
> >
> > Where is the openssl package, and what it is
"Jordan K. Hubbard" <[EMAIL PROTECTED]> writes:
> I'm not totally inflexible about making the engineering vs user
> argument either, don't get me wrong, but this one is perilously in the
> middle and bringing something like openssh in as a companion to
> openssl would certainly raise my estimatio
* From: "Jordan K. Hubbard" <[EMAIL PROTECTED]>
* This is just wrong. If I go to build openssh then I expect it to DTRT
* with openssl whether or not openssl depends on RSA, I don't expect to
* go have to install a package manually and then continue with my build.
In case you can't get that
On Mon, 21 Feb 2000, Daniel C. Sobral wrote:
> Christian Weisgerber wrote:
> >
> > binary installation:
> > - before: user needs to install openssl port
> > - now: user needs to install openssl package
>
> Where is the openssl package, and what is it called?
http://www.freebsd.org/~kris/ope
In message <[EMAIL PROTECTED]> "David O'Brien" writes:
: On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
: >
: > 1. They're in Canada
:
: What does that buy them? They have the same restrictions on rsaref since
: it originated from the USA.
They don't use rsaref.
: > 2. Wha
In message <[EMAIL PROTECTED]> "David O'Brien" writes:
: Which OpenBSD has done -- so why was it so easy for them? They have the
: *same* rules to live by that we have -- even though they are Canadian,
: the rsaref libs came from USA, thus they cannot be exported from Canada.
No. The RSA that t
One thing to keep in mind is that on Sept 8, 2000 the patent for RSA
expires and this whole mess goes away. Or at least devolves into the
usual crypto export mess rather than the crypto export plus rsa patent
law plus rsaref license jumping.
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED
On 21 Feb 00, at 20:57, Dan Langille wrote:
> On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
>
> > Christian Weisgerber wrote:
> > >
> > > binary installation:
> > > - before: user needs to install openssl port
> > > > - now: user needs to install openssl package
> >
> > Where is the openssl
On 21 Feb 00, at 15:23, Daniel C. Sobral wrote:
> Christian Weisgerber wrote:
> >
> > binary installation:
> > - before: user needs to install openssl port
> > - now: user needs to install openssl package
>
> Where is the openssl package, and what is it called?
security/openssl
--
Dan Langi
Christian Weisgerber wrote:
>
> binary installation:
> - before: user needs to install openssl port
> - now: user needs to install openssl package
Where is the openssl package, and what is it called?
--
Daniel C. Sobral(8-DCS)
[EMAIL PROTECTED]
[EMAIL PROTECTED]
On Sun, 20 Feb 2000, Jeffrey J. Mountin wrote:
> Considering that building and installing world takes quite a while, it
> would be nice to have a simple way, so wonder if a simple 'make all
> install' in secure/usr.bin/openssl will do it for everything that depends
> on openssl. Chapter 6.5 of t
> In FreeBSD's case, however, the conservative approach has landed us in
> "no man's land", where openssl can neither be wholly justified or
> dismissed, and I think that's a fundamental issue which needs to be
> addressed. I've seen Kris's arguments about how integrating openssl
> is a useful fi
> Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
> at this point. The situation with RSA makes this far more problematic
> than I think anyone first thought, and I've seen a lot of breakage so
> far for what appears to be comparatively little gain over what we had
> before
On 2000-Feb-21 13:09:21 +1100, "Jordan K. Hubbard" <[EMAIL PROTECTED]> wrote:
> Simply swapping one openssl library for another ...
> If we're going to go with that level of packaging granularity
> then openssl belongs as a package and should not be part of the
> bindist, end of story
This sounds
OK, I've dinked around with this some more and I think I might have at
least a partial solution to this whole mess (it still doesn't make
openssl actually useful to us, it just makes it less annoying :).
First, apply the following patch:
Index: Makefile
==
> 0. RSA situation
> [ a very nice point-for-point analysis of the situation elided ]
Christian,
Thank you for this summary; it helps a lot to have all the relevant
information presented in one place like this. Now we can begin
cutting to the heart of this matter, which I'll do in the form of
e
Jeffrey J. Mountin <[EMAIL PROTECTED]> wrote:
> My big question is - Do we really want to force a 'make world' on the those
> that want RSA support in openssl?
We don't want to and WE DON'T DO.
> That would be ugly, when before it was simply the matter of building only
> two ports.
binary inst
David O'Brien <[EMAIL PROTECTED]> wrote:
> What I don't know is how OpenBSD builds the two sets of bits, I do know
> how easy it was for me as a user to install 2.6 and get a RSA enabled
> crypto lib.
Alas, if I understand Jordan correctly, he objects exactly to this
additional installation st
> "Christian" == Christian Weisgerber <[EMAIL PROTECTED]> writes:
Christian> Commercial users need to get
Christian> an explicit license from RSA Inc., which from what I
Christian> hear you can't get in practice.
Correct. The only option for commercial software (in the US) is to
David O'Brien <[EMAIL PROTECTED]> wrote:
> How does OpenBSD deal with it? Why is it so easy for them?
0. RSA situation
In the USA, the RSA algorithm(!) is patented by RSA Inc. It doesn't
matter where the actual code is from, any use of RSA needs permission
by the patent holder. RSA Inc. provid
At 10:17 PM 2/19/00 -0800, Kris Kennaway wrote:
>This doesn't help. The RSA source not being there isn't the problem, the
>problem is that there are two different binary versions depending on how
>you build it (with rsaref or not). Source code builds aren't a problem,
>they already work fine, it's
On Sun, 20 Feb 2000, David O'Brien wrote:
> On Sun, Feb 20, 2000 at 12:52:49AM -0800, Kris Kennaway wrote:
> > No, because openssl is compiled differently if rsaref is present or not -
> > it's not just a matter of dropping in librsaref.so (we can't always just
> > build the version with RSAref s
On Sun, 20 Feb 2000, David O'Brien wrote:
> > 2. What they do appears to be kind of icky, e.g. it requires more
> > "hand work" than I think the average FreeBSD user would be willing
> > to accept
>
> By handwork you mean building, or installing? When I put OpenBSD 2.6 on
> my sparc5, I di
On Sun, Feb 20, 2000 at 01:32:22PM -0800, Jordan K. Hubbard wrote:
> > > 1. They're in Canada
> >
> > What does that buy them? They have the same restrictions on rsaref since
> > it originated from the USA.
>
> I don't believe they're under the same legal gun when it comes to the
> patent issue
> On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
> >
> > 1. They're in Canada
>
> What does that buy them? They have the same restrictions on rsaref since
> it originated from the USA.
I don't believe they're under the same legal gun when it comes to the
patent issues. Thi
On Sat, Feb 19, 2000 at 08:34:42PM -0800, Jordan K. Hubbard wrote:
>
> 1. They're in Canada
What does that buy them? They have the same restrictions on rsaref since
it originated from the USA.
> 2. What they do appears to be kind of icky, e.g. it requires more
> "hand work" than I think the
On Sat, Feb 19, 2000 at 08:27:48PM -0800, Kris Kennaway wrote:
> > How does OpenBSD do it? Can't we do what they do?
>
> They do a worse job than us is the short answer.
That is not a very helpful answer. Care to provide details?
--
-- David([EMAIL PROTECTED])
> How does OpenBSD deal with it? Why is it so easy for them?
It isn't. Go look for yourself.
- Jordan
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
On Sat, Feb 19, 2000 at 07:46:50PM -0800, Kris Kennaway wrote:
>
> Having _a_ general-purpose cryptography toolkit in the base system allows
> us to add in all sorts of cool things to FreeBSD (https support for fetch,
> openssh, random cryptographic enhancements elsewhere).
Which OpenBSD has don
On Sun, Feb 20, 2000 at 12:52:49AM -0800, Kris Kennaway wrote:
> No, because openssl is compiled differently if rsaref is present or not -
> it's not just a matter of dropping in librsaref.so (we can't always just
> build the version with RSAref stubs because it references symbols in
> librsaref a
On Sun, Feb 20, 2000 at 01:12:48PM -0800, David O'Brien wrote:
> How does OpenBSD deal with it? Why is it so easy for them?
Their main repositories lie in Canada and not the United States of
Anti-encryption? :-)
--
Will Andrews <[EMAIL PROTECTED]>
GCS/E/S @d- s+:+>+:- a--->+++ C++ UB P+
On Sat, Feb 19, 2000 at 11:41:22PM -0800, Kris Kennaway wrote:
> Given that we can't import rsaref into FreeBSD and we can't depend on it
> as a port, that about rules out any options for installing from
> sysinstall.
How does OpenBSD deal with it? Why is it so easy for them?
--
-- David([
Today Kris Kennaway wrote:
> > I'm also assuming that if I have openssl installed via the base system
> > and USA_RESIDENT=YES in /etc/make.conf, going off to make openssh will
> > cause it to build rsaref on my behalf just like it used to? I'd hate
> > to have something become manual which was
Kris Kennaway wrote:
>
> Except it's not just this release, it's "for the life of the 4.x branch"
> given the rules of what should get put into -stable. I really don't want
> to have to wait another year or more for 5.0-RELEASE before we can start
> making use of crypto in the recommended version
On Sun, 20 Feb 2000, Jordan K. Hubbard wrote:
> > See Jim Bloom's patch of earlier this evening.
>
> Sorry, I'm the release engineer - I only "see" something as fixed when
> it's actually committed to the tree and in my current build. :)
Well, I'm not allowed to commit to that file :) I also ha
> On Sun, 20 Feb 2000, Jordan K. Hubbard wrote:
>
> > Well, I guess I'll be less frantic about this when I see the ports
> > infrastructure working properly with this - having openssh fail
> > came as a rude shock. :)
>
> See Jim Bloom's patch of earlier this evening.
Sorry, I'm the release eng
On Sun, 20 Feb 2000, Jordan K. Hubbard wrote:
> Well, I guess I'll be less frantic about this when I see the ports
> infrastructure working properly with this - having openssh fail
> came as a rude shock. :)
See Jim Bloom's patch of earlier this evening.
> I'm also assuming that if I have opens
In message <[EMAIL PROTECTED]>, "Jordan K. Hubbard" writes:
>Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
>at this point. The situation with RSA makes this far more problematic
>than I think anyone first thought, and I've seen a lot of breakage so
>far for what appears t
> Given that we can't import rsaref into FreeBSD and we can't depend on it
> as a port, that about rules out any options for installing from
> sysinstall. The remaining possibility is what we have now, namely manual
> installation of the package post-installation, which is documented in the
> hand
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> If you see a better way out of this, I'm all for hearing about it.
> All I've done with sysinstall so far is set USA_RESIDENT=YES in
> /etc/make.conf now if you select Yes at the DES distribution menu
> (which is already covered with all kinds of le
> The whole RSA scheme is bogus, because anyone in the world can get an
> implementation of RSA, so it's widely accessible, so why all this
> RSAREF/non-RSAREF mumbo-jumbo?
Because US patent law is pretty dumb :)
--mike
> Well, you're the release engineer of course..but I don't think the
> problems are insurmountable. Sysinstall could be made to install the
> correct package after asking the user the right questions (if they choose
> to install crypto):
Again, I simply do not wish to depend on any more packages
Drosihn
Cc: Jordan K. Hubbard; Doug Barton; Victor Salaman;
[EMAIL PROTECTED]
Subject: Re: openssl in -current
On Sun, 20 Feb 2000, Garance A Drosihn wrote:
> This will be a lot easier once the patent expires. We would probably
Yes.
> be better off sticking with the ports-version until t
At 10:31 PM -0800 2/19/00, Kris Kennaway wrote:
> > if 4.0 is delayed, I want it delayed for things which are actually busted,
> > and not to move features from the ports collection to the base system.
>
>No-one's talking about delaying 4.0.
Not directly, but all the work trying to figure this ou
On Sat, 19 Feb 2000, Doug Barton wrote:
> > This doesn't help. The RSA source not being there isn't the problem, the
> > problem is that there are two different binary versions depending on how
> > you build it (with rsaref or not).
>
> So we do what we do with DES. By default you have ope
Kris Kennaway wrote:
>
> On Sun, 20 Feb 2000, Victor A. Salaman wrote:
>
> > Don't remove OpenSSL from the tree... put the whole thing there, the whole
> > openssl distro in the tree. The problem with the patent is not that you
> > CAN'T get the software, the problem is that you can't build wit
On Sun, 20 Feb 2000, Garance A Drosihn wrote:
> This will be a lot easier once the patent expires. We would probably
Yes.
> be better off sticking with the ports-version until then, so we don't
> have to delay 4.0-release until all the issues are sorted out. If
> 4.0 is delayed, I want it del
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> The questions which aren't being answered here are "what use is OpenSSL
> without RSA"
To ports, not much - with the exception of one or two, they all require
RSA.
Intrinsically, a lot. I have big plans for using openssl in the base
system, and if
On Sun, 20 Feb 2000, Victor A. Salaman wrote:
> Don't remove OpenSSL from the tree... put the whole thing there, the whole
> openssl distro in the tree. The problem with the patent is not that you
> CAN'T get the software, the problem is that you can't build with it and use
> it. But nobody said
> Don't remove OpenSSL from the tree... put the whole thing there, the whole
> openssl distro in the tree. The problem with the patent is not that you
> CAN'T get the software, the problem is that you can't build with it and use
> it. But nobody said that you can't have it in the system. It's up
At 8:09 PM -0800 2/19/00, Jordan K. Hubbard wrote:
> > Having _a_ general-purpose cryptography toolkit in the base system allows
> > us to add in all sorts of cool things to FreeBSD (https support for fetch,
> > openssh, random cryptographic enhancements elsewhere). OpenSSL just
> > happens to be
ng is not a good idea.
Just my 2 cents.
-Original Message-
From: Jordan K. Hubbard [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 20, 2000 12:09 AM
To: Doug Barton
Cc: Kris Kennaway; Victor Salaman; [EMAIL PROTECTED]
Subject: Re: openssl in -current
> Kris Kennaway wrot
* William Woods ([EMAIL PROTECTED]) [000220 00:28]:
> How does OpenBSD do it? Can't we do what they do?
OpenBSD is based in Canada, which doesn't restrict the export of
encryption. So, unless FreeBSD development moves to Canada, we can't
do what they do.
--
Hasan Diwan [[EMAIL PROTECTED]]
On Sat, 19 Feb 2000, Doug Barton wrote:
> > The patent nonsense with RSA will be going away in september, and the US
> > vs. the world problems have also been receding and probably won't last
> > much longer either.
>
> So how effective is openssl (plus the things that do/will depend on it
Kris Kennaway wrote:
>
> On Sat, 19 Feb 2000, Doug Barton wrote:
>
> > Pardon me for coming late to the party, but what was the
> > rationale behind putting openssl into the source anyway? Given the
> > rsa/no rsa problems, not to mention the US vs. the world problems,
> > what were the be
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
> at this point. The situation with RSA makes this far more problematic
> than I think anyone first thought, and I've seen a lot of breakage so
> far for what appears to be comp
> How does OpenBSD do it? Can't we do what they do?
1. They're in Canada
2. What they do appears to be kind of icky, e.g. it requires more
"hand work" than I think the average FreeBSD user would be willing
to accept (or the average developer would be willing to see in the
tree in such a
On Sat, 19 Feb 2000, William Woods wrote:
> How does OpenBSD do it? Can't we do what they do?
They do a worse job than us is the short answer.
Kris
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simps
How does OpenBSD do it? Can't we do what they do?
On 20-Feb-00 Jordan K. Hubbard wrote:
>> Kris Kennaway wrote:
>> >
>> > On Sat, 19 Feb 2000, Victor Salaman wrote:
>> >
>> > > I personally think that it's braindead to add openssl to the system
>> > > and strip out parts of it (RSA & IDEA). Don't
> Having _a_ general-purpose cryptography toolkit in the base system allows
> us to add in all sorts of cool things to FreeBSD (https support for fetch,
> openssh, random cryptographic enhancements elsewhere). OpenSSL just
> happens to be the only decent freely-available (BSDL) toolkit.
And I sti
> Kris Kennaway wrote:
> >
> > On Sat, 19 Feb 2000, Victor Salaman wrote:
> >
> > > I personally think that it's braindead to add openssl to the system
> > > > and strip out parts of it (RSA & IDEA). Don't get me wrong, I love to
> > > have
>
> Pardon me for coming late to the party, but what was
Hmmm. I'm beginning to wonder if openssl shouldn't just be backed-out
at this point. The situation with RSA makes this far more problematic
than I think anyone first thought, and I've seen a lot of breakage so
far for what appears to be comparatively little gain over what we had
before with the
On Sat, 19 Feb 2000, Doug Barton wrote:
> Pardon me for coming late to the party, but what was the
> rationale behind putting openssl into the source anyway? Given the
> rsa/no rsa problems, not to mention the US vs. the world problems,
> what were the benefits that outweighed the complicat
Kris Kennaway wrote:
>
> On Sat, 19 Feb 2000, Victor Salaman wrote:
>
> > I personally think that it's braindead to add openssl to the system
> > and strip out parts of it (RSA & IDEA). Don't get me wrong, I love to
> > have
Pardon me for coming late to the party, but what was the ration
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> > Building with rsaref can't be the default case, because it's restrictively
> > licensed and not legal for some people to use.
>
> It's trying to figure out who "some" people are and how to address the
> needs of people who don't fit that category
> Building with rsaref can't be the default case, because it's restrictively
> licensed and not legal for some people to use.
It's trying to figure out who "some" people are and how to address the
needs of people who don't fit that category that I'm still having a
hard time with here. If I have
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> > It already does this if you get your crypto from internat. US mirror sites
> > only carry the neutered (no-RSA) version, but internat carries RSA and
> > builds it conditional on USA_RESIDENT.
>
> And why don't the USA sites have the RSAREF versi
> It already does this if you get your crypto from internat. US mirror sites
> only carry the neutered (no-RSA) version, but internat carries RSA and
> builds it conditional on USA_RESIDENT.
And why don't the USA sites have the RSAREF version? I'm still not
sure I understand the compartmentaliza
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> > Okay, so what do I need to do to make this happen?
>
> 1. Make openssl build as part of the standard "world" and depend
> on the setting of USA_RESIDENT, which will be initially set by
> sysinstall.
It already does this if you get your cry
> > openssl becomes a "distribution" like the DES bits are. Depending on
> > external packages is actually something I'm trying to wean sysinstall
> > away from because the dependency is a PITA and the creation of the
> > packages collection is not automated in the same way that distribution
> >
On Sat, 19 Feb 2000, Jordan K. Hubbard wrote:
> At this stage, I'm ready to have two different CD products for
> international and domestic use. I can also ensure that the
> appropriate ISO images are made available from the US and
> internat.freebsd.org, along with the distribution bits. What
> So do I. Unfortunately our hands are tied - the version of FreeBSD
> distributed in the US must not contain these because they are patented
> technologies and not available for unrestricted use. Unfortunately this is
> also the same version distributed worldwide on FreeBSD CDs, install
At this
On Sat, 19 Feb 2000, Victor Salaman wrote:
> I personally think that it's braindead to add openssl to the system
> and strip out parts of it (RSA & IDEA). Don't get me wrong, I love to
> have
So do I. Unfortunately our hands are tied - the version of FreeBSD
distributed in the US must not contain
81 matches