INN and md5

[Russ Allbery]

Julien ÉLIE <julien at trigofacile.com> writes:

> Hmm...  It was indeed last year in another bug report:
>     http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405354
>
> It points to the following clarification:
>     http://www.ietf.org/ietf/IPR/RSA-MD-all
>
>             Implementations of these message-digest algorithms,
>     including implementations derived from the reference C code in
>     RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold
>     without license from RSA for any purpose.
>
>             No rights other than the ones explicitly set forth above are
>     granted.  Further, although RSA grants rights to implement certain
>     algorithms as defined by identified RFCs, including implementations
>     derived from the reference C code in those RFCs, no right to use,
>     copy, sell, or distribute any other implementations of the MD2, MD4,
>     or MD5 message-digest algorithms created, implemented, or
>     distributed by RSA is hereby granted by implication, estoppel, or
>     otherwise.  Parties interested in licensing security components and
>     toolkits written by RSA should contact the company to discuss
>     receiving a license.  All other questions should be directed to
>     Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby
>     Drive, Bedford, Massachusetts 01730.
>
> As INN's implementation comes from RFC 1321, there seems to be no
> problem at all (if I understand well the meaning of this clarification).

Yup.  It might help to stick the above reference URL and the first
paragraph into INN's LICENSE file to help with further questions.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.