tech-security: Re: cryptosrc-intl

Subject: Re: cryptosrc-intl
To: None <tech-security@netbsd.org, netbsd-intl@sandelman.ottawa.on.ca>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 07/14/1999 22:18:12
>>>>> "Perry" == Perry E Metzger <perry@piermont.com> writes:
    Perry> Michael Richardson <mcr@sandelman.ottawa.on.ca> writes:
    >> Well, I thought I yanked the code. I noticed yesterday that I seem to have
    >> not done so. I think my command silently failed. (due to -f)
    >> I will yank things at 3pm Wednesday.
    >> The list is:
    >> rc2  (trade secret of RSA)
    >> rc4  (trade secret of RSA)

    Perry> No, that's not correct in either case. rc2 was openly published by
    Perry> them, rc4 is almost impossible for them to claim trade secret

  Okay, rc2 remains as is.

    Perry> OTOH, you *do* need to rename the rc4 routines to "arcfour" or some
    Perry> similar thing because their trademark *is* valid. It would be useful
    Perry> to keep "arcfour" in the library with that provisio.

  rc4 remains for now. I will work with the OpenSSL people to make sure that
things are renamed to "arcfour".
 
    >> rc5  (patented in the US by RSA)
    >> rsa  (patented in the US)

    Perry> These do need yanking, yes.

  These have been yanked.

    >> dsa  (patent claimed by RSA in the US)

  Left in place.

    Perry> Lots of people are using it and it is highly unlikely the patent is
    Perry> valid. I wouldn't worry about DSA.

    >> idea (patent claimed in a dozen European countries)

    Perry> This does need removal, yes.

  This is removed.

  The end result is:

netbsd-[crypto-intl/dist/openssl/crypto] mcr 17 %pwd
/cvsroot/cryptosrc-intl/crypto-intl/dist/openssl/crypto
netbsd-[crypto-intl/dist/openssl/crypto] mcr 18 %ls
Makefile.ssl,v      cryptlib.c,v        evp/                opensslconf.h,v     ripemd/
asn1/               cryptlib.h,v        ex_data.c,v         opensslconf.h.in,v  stack/
bf/                 crypto-lib.com,v    hmac/               opensslv.h,v        threads/
bio/                crypto.c,v          install.com,v       pem/                tmdiff.c,v
bn/                 crypto.h,v          lhash/              perlasm/            tmdiff.h,v
buffer/             cversion.c,v        md2/                pkcs12/             txt_db/
cast/               des/                md32_common.h,v     pkcs7/              x509/
comp/               dh/                 mdc2/               rand/               x509v3/
conf/               dsa/                mem.c,v             rc2/
cpt_err.c,v         err/                objects/            rc4/

  md4 and sha was already removed since it is duplicated in libc.

] Train travel features AC outlets with no take-off restrictions|  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [