Import of old SSLeay release: SSLeay 0.8.1b

[openssl.git] / doc / legal.doc

From eay@mincom.com Thu Jun 27 00:25:45 1996
Received: by orb.mincom.oz.au id AA15821
  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
From: Eric Young <eay@mincom.oz.au>
X-Sender: eay@orb
To: Ken Toll <ktoll@ren.digitalage.com>
Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
Subject: Re: Unidentified subject!
In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Status: O
X-Status: 


This is a little off topic but since SSLeay is a free implementation of
the SSLv2 protocol, I feel it is worth responding on the topic of if it 
is actually legal for Americans to use free cryptographic software.

On Wed, 26 Jun 1996, Ken Toll wrote:
> Is the U.S the only country that SSLeay cannot be used commercially 
> (because of RSAref) or is that going to be an issue with every country 
> that a client/server application (non-web browser/server) is deployed 
> and sold?

>From what I understand, the software patents that apply to algorithms 
like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
patened in europe (USA?), but considing how little it is used by other SSL 
implementations, it quite easily be left out of the SSLeay build
(this can be done with a compile flag).

Actually if the RSA patent did apply outside the USA, it could be rather
interesting since RSA is not alowed to let RSA toolkits outside of the USA
[1], and since these are the only forms that they will alow the algorithm
to be used in, it would mean that non-one outside of the USA could produce
public key software which would be a very strong statment for
international patent law to make :-).  This logic is a little flawed but
it still points out some of the more interesting permutations of USA
patent law and ITAR restrictions. 

Inside the USA there is also the unresolved issue of RC4/RC2 which were
made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
copies of the origional postings if people are interested.  RSA I believe 
claim that they were 'trade-secrets' and that some-one broke an NDA in 
revealing them.  Other claim they reverse engineered the algorithms from 
compiled binaries.  If the algorithms were reverse engineered, I belive 
RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
Regardless, RSA, I belive, is willing to go to court over the issue so 
licencing is probably the best idea, or at least talk to them.
If there are people who actually know more about this, pease let me know, I 
don't want to vilify or spread miss-information if I can help it.

If you are not producing a web browser, it is easy to build SSLeay with
RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
all web software (and it is damn fast) it is more or less required for 
www use. For non www use of SSL, especially for an application where 
interoperability with other vendors is not critical just leave it out.

Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
they should be ok.  Considing that Triple DES can encrypt at rates of
410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
respectivly is actually quite fast for those not so paranoid (56 bit key).[1]

> Is it possible to get a certificate for commercial use outside of the U.S.?
yes.

Thawte Consulting issues certificates (they are the people who sell the
        Sioux httpd server and are based in South Africa)
Verisign will issue certificates for Sioux (sold from South Africa), so this
        proves that they will issue certificate for OS use if they are
        happy with the quality of the software.

(The above mentioned companies just the ones that I know for sure are issuing
 certificates outside the USA).

There is always the point that if you are using SSL for an intra net, 
SSLeay provides programs that can be used so you can issue your own 
certificates.  They need polishing but at least it is a good starting point.

I am not doing anything outside Australian law by implementing these
algorithms (to the best of my knowedge).  It is another example of how 
the world legal system does not cope with the internet very well.

I may start making shared libraries available (I have now got DLL's for 
Windows).  This will mean that distributions into the usa could be 
shipped with a version with a reduced cipher set and the versions outside 
could use the DLL/shared library with all the ciphers (and without RSAref).

This could be completly hidden from the application, so this would not 
even require a re-linking.

This is the reverse of what people were talking about doing to get around 
USA export regulations :-)

eric

[1]:    The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
        and one in South Africa.

[2]:    Since I always get questions when I post benchmark numbers :-),
        DES performace figures are in 1000's of bytes per second in cbc 
        mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
        3.51 DLLs and the 686/200 was running NextStep.
        I quote pentium 100 benchmarks because it is basically the
        'entry level' computer that most people buy for personal use.
        Windows 95 is the OS shipping on those boxes, so I'll give
        NT numbers (the same Win32 runtime environment).  The 686
        numbers are present as an indication of where we will be in a
        few years.
--
Eric Young                  | BOOL is tri-state according to Bill Gates.
AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().