[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: r5776 enables RC5 and MDC2 in OpenSSL, Why?

From: Nathan Kidd <nathan-svn_at_spicycrypto.ca>
Date: 2006-03-01 20:47:21 CET

Stefan Küng wrote:
> Nathan Kidd wrote:
>> I'm curious about r5776:
>> "enable the rc5 and mdc2 cipher in the OpenSSL build."
>
> We had these two enabled for 1.2.x releases too. I disabled them for the
> 1.3.x releases because I though no one would use them. But apparently,
> some people still do need those.
> (and nobody complained about patents back then).

I wonder what is the nature of those people "needing" them. Do they
live in one of the few countries where there isn't a patent? Do they
have a license for the patents? Or they're just thinking "I'm a small
fish, nobody will bother me."? For anyone not in these categories I
think it's a problem.

> I don't know about those patents. But as far as I'm concerned, those
> ciphers are only used if the server requires them. So if they're
> patented in your country, just configure the server to not use them.

I'm not a lawyer, and I don't like any of this just like the next guy,
but I'm really afraid this could end up badly if care isn't taken (think
.gif, .jpg, .mp3). Based on everything I've seen in open source
projects, and in our own software, it doesn't matter if the cipher is
only 'enabled' by the server or not. If the code is actually included
in the software (which it is) then you're liable for "infringement".
Every project I've seen just disables these ciphers. If someone
*really* needs these ciphers it's certainly possible to build their own
libs.

> And you maybe don't want to know my opinion about patents... :)

I'd be in the audience applauding.

Cheers,

-Nathan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Wed Mar 1 20:47:37 2006

This is an archived mail posted to the TortoiseSVN Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.