This is the mail archive of the
libc-hacker@cygnus.com
mailing list for the glibc project.
Re: Integrating BIND 8.2
- To: zack@rabi.columbia.edu
- Subject: Re: Integrating BIND 8.2
- From: Geoff Keating <geoffk@ozemail.com.au>
- Date: Wed, 31 Mar 1999 11:51:49 +1000
- CC: libc-hacker@cygnus.com, rms@santafe.edu
- References: <199903302154.QAA16903@blastula.phys.columbia.edu>
> Date: Tue, 30 Mar 1999 16:54:03 -0500
> From: Zack Weinberg <zack@rabi.columbia.edu>
>
>
> I've just been looking over the new BIND release. It contains major updates
> to libresolv, including Secure DNS (RFC 2065) which we want. It should
> integrate fairly easily into our tree - in fact, some of the ugly parts go
> away.
>
> There are legal problems with the security code. It depends on RSA for
> cryptographic signatures; the kit includes a subset of the RSAREF library,
> issued under a license which is not even vaguely compatible with GPL. Also,
> it is probably illegal to export from the US. We could just leave hooks in
> libresolv and put a free clone into the crypt add on, except that RSA is
> patented in the US, so the clone would not be a legal import. (Are you
> disgusted yet?)
>
> I see three options:
>
> - Ignore the obnoxious license, distribute the RSAREF subset with the main
> body of libc. Hope that ISC is right when it says it's legal to export.
You'd need to read very carefully to see what it is exactly that is
legal to export. Binaries? Source?
You really do not want to ignore the RSAREF licence. The FSF might
lose GPL protection on libc.
> - Ignore RSA's patent, which expires next year anyway, and put a free clone
> into the crypt add-on. Hope RSA doesn't sue the FSF.
Well, the FSF could simply not distribute the add-on until the patent
expires. (IIRC, it's actually October 2002 it expires, 20 years after
its priority date). Yuk!!
The GPG people dealt with this by having RSA as an additional add-on,
not under the GPL---they can do this because they use DSA by default,
which is no longer patented.
I guess you could use clause 8 of the GPL here.
> - Put RSAREF, or a subset, into the crypt add-on. Hope this doesn't make
> libcrypt *binaries* illegal to export from the US, screwing two of the three
> major distributions. Also, is RSAREF available outside the US?
That's OK, libcrypt binaries (with the `crypt' plugin) are already
illegal to export from the US; that's the point of the plugin.
There is, somewhere, a RSAREF clone developed outside the US. I don't
remember what licence it's under.
I would like to avoid having essential features like Secure DNS put
into the crypt add-on; at present the crypt add-on is only needed for
compatibility.
This is especially true since Secure DNS does not need encryption,
only authentication, and so has a completely different set of legal
problems to the current crypt add-on.
I would be interested in RMS's opinion on this.
I might add that I'm unhappy about the IETF choosing a patented
algorithm as the _only_ possible algorithm. The fact that the RFC was
written in January 1997, when all possible algorithms were patented,
is only a partial excuse...
--
Geoffrey Keating <geoffk@ozemail.com.au>