INN and md5

Russ Allbery rra at
Fri Apr 18 09:08:29 UTC 2008

Julien ÉLIE <julien at> writes:

> Hmm...  It was indeed last year in another bug report:
> It points to the following clarification:
>             Implementations of these message-digest algorithms,
>     including implementations derived from the reference C code in
>     RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold
>     without license from RSA for any purpose.
>             No rights other than the ones explicitly set forth above are
>     granted.  Further, although RSA grants rights to implement certain
>     algorithms as defined by identified RFCs, including implementations
>     derived from the reference C code in those RFCs, no right to use,
>     copy, sell, or distribute any other implementations of the MD2, MD4,
>     or MD5 message-digest algorithms created, implemented, or
>     distributed by RSA is hereby granted by implication, estoppel, or
>     otherwise.  Parties interested in licensing security components and
>     toolkits written by RSA should contact the company to discuss
>     receiving a license.  All other questions should be directed to
>     Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby
>     Drive, Bedford, Massachusetts 01730.
> As INN's implementation comes from RFC 1321, there seems to be no
> problem at all (if I understand well the meaning of this clarification).

Yup.  It might help to stick the above reference URL and the first
paragraph into INN's LICENSE file to help with further questions.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list