From eay@mincom.com Thu Jun 27 00:25:45 1996 Received: by orb.mincom.oz.au id AA15821 (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000 Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST) From: Eric Young X-Sender: eay@orb To: Ken Toll Cc: Eric Young , ssl-talk@netscape.com Subject: Re: Unidentified subject! In-Reply-To: <9606261950.ZM28943@ren.digitalage.com> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Status: O X-Status: This is a little off topic but since SSLeay is a free implementation of the SSLv2 protocol, I feel it is worth responding on the topic of if it is actually legal for Americans to use free cryptographic software. On Wed, 26 Jun 1996, Ken Toll wrote: > Is the U.S the only country that SSLeay cannot be used commercially > (because of RSAref) or is that going to be an issue with every country > that a client/server application (non-web browser/server) is deployed > and sold? >From what I understand, the software patents that apply to algorithms like RSA and DH only apply in the USA. The IDEA algorithm I believe is patened in europe (USA?), but considing how little it is used by other SSL implementations, it quite easily be left out of the SSLeay build (this can be done with a compile flag). Actually if the RSA patent did apply outside the USA, it could be rather interesting since RSA is not alowed to let RSA toolkits outside of the USA [1], and since these are the only forms that they will alow the algorithm to be used in, it would mean that non-one outside of the USA could produce public key software which would be a very strong statment for international patent law to make :-). This logic is a little flawed but it still points out some of the more interesting permutations of USA patent law and ITAR restrictions. Inside the USA there is also the unresolved issue of RC4/RC2 which were made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have copies of the origional postings if people are interested. RSA I believe claim that they were 'trade-secrets' and that some-one broke an NDA in revealing them. Other claim they reverse engineered the algorithms from compiled binaries. If the algorithms were reverse engineered, I belive RSA had no legal leg to stand on. If an NDA was broken, I don't know. Regardless, RSA, I belive, is willing to go to court over the issue so licencing is probably the best idea, or at least talk to them. If there are people who actually know more about this, pease let me know, I don't want to vilify or spread miss-information if I can help it. If you are not producing a web browser, it is easy to build SSLeay with RC2/RC4 removed. Since RC4 is the defacto standard cipher in all web software (and it is damn fast) it is more or less required for www use. For non www use of SSL, especially for an application where interoperability with other vendors is not critical just leave it out. Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but they should be ok. Considing that Triple DES can encrypt at rates of 410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite reasonable performance. Single DES clocks in at 1160k/s and 2467k/s respectivly is actually quite fast for those not so paranoid (56 bit key).[1] > Is it possible to get a certificate for commercial use outside of the U.S.? yes. Thawte Consulting issues certificates (they are the people who sell the Sioux httpd server and are based in South Africa) Verisign will issue certificates for Sioux (sold from South Africa), so this proves that they will issue certificate for OS use if they are happy with the quality of the software. (The above mentioned companies just the ones that I know for sure are issuing certificates outside the USA). There is always the point that if you are using SSL for an intra net, SSLeay provides programs that can be used so you can issue your own certificates. They need polishing but at least it is a good starting point. I am not doing anything outside Australian law by implementing these algorithms (to the best of my knowedge). It is another example of how the world legal system does not cope with the internet very well. I may start making shared libraries available (I have now got DLL's for Windows). This will mean that distributions into the usa could be shipped with a version with a reduced cipher set and the versions outside could use the DLL/shared library with all the ciphers (and without RSAref). This could be completly hidden from the application, so this would not even require a re-linking. This is the reverse of what people were talking about doing to get around USA export regulations :-) eric [1]: The RSAref2.0 tookit is available on at least 3 ftp sites in Europe and one in South Africa. [2]: Since I always get questions when I post benchmark numbers :-), DES performace figures are in 1000's of bytes per second in cbc mode using an 8192 byte buffer. The pentium 100 was running Windows NT 3.51 DLLs and the 686/200 was running NextStep. I quote pentium 100 benchmarks because it is basically the 'entry level' computer that most people buy for personal use. Windows 95 is the OS shipping on those boxes, so I'll give NT numbers (the same Win32 runtime environment). The 686 numbers are present as an indication of where we will be in a few years. -- Eric Young | BOOL is tri-state according to Bill Gates. AARNet: eay@mincom.oz.au | RTFM Win32 GetMessage().