INN and md5
Julien ÉLIE
julien at trigofacile.com
Thu Apr 17 11:16:52 UTC 2008
Hi Russ,
>> Seeing <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476186>, it
>> appears that lib/md5.c cannot be used in a software which is redistributed.
>
> Didn't we already have this discussion about how the people reporting this
> problem are misinterpreting RSA's license? It sounds extremely familiar.
Hmm... It was indeed last year in another bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405354
It points to the following clarification:
http://www.ietf.org/ietf/IPR/RSA-MD-all
Implementations of these message-digest algorithms, including
implementations derived from the reference C code in RFC-1319, RFC-1320, and
RFC-1321, may be made, used, and sold without license from RSA for any
purpose.
No rights other than the ones explicitly set forth above are
granted. Further, although RSA grants rights to implement certain
algorithms as defined by identified RFCs, including implementations derived
from the reference C code in those RFCs, no right to use, copy, sell, or
distribute any other implementations of the MD2, MD4, or MD5 message-digest
algorithms created, implemented, or distributed by RSA is hereby granted by
implication, estoppel, or otherwise. Parties interested in licensing
security components and toolkits written by RSA should contact the company
to discuss receiving a license. All other questions should be directed to
Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby Drive,
Bedford, Massachusetts 01730.
As INN's implementation comes from RFC 1321, there seems to be no problem at all
(if I understand well the meaning of this clarification).
--
Julien ÉLIE
« Rien ni personne n'a tout à fait tort : même une horloge
arrêtée a raison deux fois par jour. » (John Steinbeck)
More information about the inn-workers
mailing list