INN and md5

[Julien ÉLIE]

Hi Russ,

>> Seeing <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476186>, it
>> appears that lib/md5.c cannot be used in a software which is redistributed.
>
> Didn't we already have this discussion about how the people reporting this
> problem are misinterpreting RSA's license?  It sounds extremely familiar.

Hmm...  It was indeed last year in another bug report:
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405354

It points to the following clarification:
    http://www.ietf.org/ietf/IPR/RSA-MD-all


            Implementations of these message-digest algorithms, including
    implementations derived from the reference C code in RFC-1319, RFC-1320, and
    RFC-1321, may be made, used, and sold without license from RSA for any
    purpose.

            No rights other than the ones explicitly set forth above are
    granted.  Further, although RSA grants rights to implement certain
    algorithms as defined by identified RFCs, including implementations derived
    from the reference C code in those RFCs, no right to use, copy, sell, or
    distribute any other implementations of the MD2, MD4, or MD5 message-digest
    algorithms created, implemented, or distributed by RSA is hereby granted by
    implication, estoppel, or otherwise.  Parties interested in licensing
    security components and toolkits written by RSA should contact the company
    to discuss receiving a license.  All other questions should be directed to
    Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby Drive,
    Bedford, Massachusetts 01730.


As INN's implementation comes from RFC 1321, there seems to be no problem at all
(if I understand well the meaning of this clarification).

-- 
Julien ÉLIE

« Rien ni personne n'a tout à fait tort : même une horloge
  arrêtée a raison deux fois par jour. » (John Steinbeck)