
Re: RedHat forks OpenSSH?

On Mon, 2004-11-08 at 20:44, Damien Miller wrote:
> Jos Vos wrote:
> > On Tue, Nov 09, 2004 at 07:23:44AM +1100, Damien Miller wrote:


> > They do the same for "xmms", for example, to eliminate MP3 support
> > *and also not ship MP3 source code*, due to possible legal issues.
> Then they should also chop RC4 out of OpenSSL, OpenSSH and anything else
> that implements it because its legal status is near identical.

  Care to provide the details and perhaps post it to fedora-legal as
  I only ask, because my <stupidsmirk>keen google skills</stupidsmirk>
have only turned up that RC4 is *not* patented by RSA, but only
trademarked as well as a trade secret.  There was apparently someone who
posted RC4 equivalent code to Usenet.[1]  RSA seemingly made no effort
to squash it.  Unlike patents, I believe you must endeavor to protect
trade secrets and prevent and/or mitigate any exposure.  RSA hasn't gone
after anyone, nor would they likely have a case, except against the
person who posted the code originally.  And the code was not RSA
copyrighted code, but what is usually called 'ARCFOUR' or 'Allegedly
RC4' that is functionally equivalent.
  On the other hand, the MP3 situation is much clearer, (though still
slightly murky).  Thomson Multimedia's original website regarding the
MP3 patents seemed to allow for free (GPL or otherwise) *decoders*, but
only charge for *encoders*.  That changed when Thomson changed their
website (allegedly to 'clarify' the license, not change -- what bunk)
that indicated that they did not want to allow for free decoders.  Even
though I'm not a lawyer, that's Big Red Flag(TM) in my book.
  So although the RC4 question isn't 100% clear to me, it is absolutely
not nearly identical.  The cases are quite different.

[1] http://www.infosyssec.org/infosyssec/cryptalgorithms.html
-Paul Iadonisi
 Senior System Administrator
 Red Hat Certified Engineer / Local Linux Lobbyist
 Ever see a penguin fly?  --  Try Linux.
 GPL all the way: Sell services, don't lease secrets
