Kurt Seifried wrote:
I'm not sure what Sep 20 brings. One person told me he didn't believe all of
On september 20th the RSA patent should expire (assuming RSA does not try to renew it, hopefully not). You americans can then use a proper RSA implementation (like the rest of the world uses right now =).
For private "client-side" use we are pretty much free to use what we will. I'm quite impressed with SSLeay/OpenSSL. I don't know how the code stacke up against BSAFE as far as speed goes, but the free stuff seems quite stable as far as I can tell. I haven't put much of a load on it yet though. RSA strikes me as a quality oriented company, and they seem to produce good products. Even if the algorithms are public domain, (I wonder if I could get a patten on the pythagorean theorem? ...hmmmmm?) they may still have a market for BSAFE. As far as the specifics of the pattem go, I'm not sure what it actually covers. Steve Henson suggests a leagal build would result from ./config no-rc5 no-idea no-rsa. rc5 and idea are both symmetric algorithms. RSA is the one that works the magic for PKI. It is a descendent of Diffi-Hellman, which may rightfully be called 'Williamson'. It's the only one I use in my work.
BSAFE will be freed up then. Im also don't know if Mozilla will build to anything other than BSAFE. One person told me he has built using BSAFEeay, but that looks pretty shaky at this point. Even the libs I have for the older NSS don't look like they will seamlessly fit into the current code base. I can't go into details, but there is no one-to-one matching.
As far as RSA software packages/etc go you'll still need to buy those, but at least you can choose to go with the free implementations of RSA.
I'm not convinced that there won't be a bsafe.h and so forth in the opensource community soon. I'm just not sure it will hit the net at 0:01 on the 23rd.
-Kurt
Steve