Since this is a perennial cause of complaint (and I have been one of
the complainers):
SuSE customers living in North America who want the *full*
distribution, including crypto, on CD-ROM, can order it from
Amazon.co.uk.
The price, including airmail shipping to N. America, is 48 pounds.
Amazon.de won't ship it to N. America, and if you order directly from
SuSE GMBH you'll get whacked with high postage (which would have been
the case with Amazon.de in any case).
Best,
Corvin
--
Corvin Russell
Since this is a perennial cause of complaint (and I have been one of the complainers): SuSE customers living in North America who want the *full* distribution, including crypto, on CD-ROM, can order it from Best, Corvin
RSA is now in the public domain (would have been september 20th anyways, so RSA released it two weeks early for PR). http://www.securityportal.com/topnews/rsa20000906.html September 07, 2000 - Yesterday, RSA formally announced that the RSA algorithm will be released into the public domain. This is definitely good news, but not too terribly significant, since it would have happened on September 20 anyway (when their patent expires). The release of the algorithm is a good thing because you can now create cryptographic software using one RSA implementation and distribute it worldwide without having to license anything from RSA. http://www.rsasecurity.com/news/pr/000906-1.html So much misinformation has been spread recently regarding the expiration of the RSA algorithm patent that the company wanted to create an opportunity to state the facts. RSA Security's commercialization of the RSA patent helped create an entire industry of highly secure, interoperable products that are the foundation of the worldwide online economy. Releasing the RSA algorithm into the public domain now is a symbolic next step in the evolution of this market, as it will help cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices. RSA Security intends to continue to offer the world's premier implementation of the RSA algorithm and all other relevant encryption technologies in our RSA BSAFE software solutions and remains confident in our leadership in the encryption market. Sounds pretty good. You can now build products in the USA that use the RSA algorithm, freely. The most popular "free" implementation of RSA is OpenSSL, the primary author of which was hired by RSA several years ago. Until recently OpenSSL came in two flavors, one compiled against its own RSA and one compiled against RSAREF. While RSA was patented in the U.S., the only "free" implementation of RSA was RSAREF. While it was possible that a company might license the RSA algorithm from the RSA company, it was highly unlikely that RSA (the company) would license them a copy once they found out it was to be freely distributed (and this did in fact never happen). So everyone in the US that wanted "free" RSA was stuck using RSAREF, a reference implementation of RSA that has a very restrictive license. You could not use RSAREF for network services (OpenSSL, secure Web server, etc.) at a university, for example, since they charge tuition, which ultimately pays for network services. Because of this restriction on RSAREF it is pointless to ship encryption products based on it, since a very limited subset of users would legally be able to use it. RSAREF is also very slow, has a maximum keylength and had a serious security bug in the past, making it not incredibly popular among security professionals. But this is no longer a problem (wouldn't have been after September 20 in any case) because you can use a "free" implementation of RSA, such as the one OpenSSL provides, for encryption products you wish to use in the U.S. This is good news because you can, for example, download OpenSSL and OpenSSH Solaris 8.0 packages I created and use them now. I never bothered to compile them against RSAREF, so you would have had to wait another two weeks to download them. Unfortunately. U.S. crypto export laws still exist, so any companies within the U.S. creating spiffy new encryption packages, or open source projects like Linux trying to integrate cryptography, are still out of luck to varying degrees. (U.S. crypto law is in a state of flux, and while people have posted PGP up publicly for download and not been arrested, it is still not 100% clear what is and isn't legal.) However, it appears U.S. crypto laws are slowly moving towards openness, and hopefully in a few years will model Canada's export laws, which have a specific exemption for "Public Domain" (i.e. open source) software. This also creates some rather large issues for U.S. companies selling cryptographic software based on RSA. There are several companies in the U.S. that licensed RSA and then created products such as secure Web servers that were basically Apache+OpenSSL compiled against their licensed RSA crypto products. The cheapest of these was several hundred dollars, and most were not much easier to install and manage than "doing it yourself." These companies will have to figure out some other value-added method of getting customers to pay for something they can download for free. Any American can now download OpenSSL, install it, and use it for OpenSSH (secure administration), Apache (secure Web-serving) and so on. So what are you waiting for? Go do it! ftp://ftp.cryptoarchive.net/pub/
Since this is a perennial cause of complaint (and I have been one of the complainers):
SuSE customers living in North America who want the *full* distribution, including crypto, on CD-ROM, can order it from Amazon.co.uk.
The price, including airmail shipping to N. America, is 48 pounds.
Amazon.de won't ship it to N. America, and if you order directly from SuSE GMBH you'll get whacked with high postage (which would have been the case with Amazon.de in any case).
Best, Corvin
Hi Corvin,
Be sure you are not the only one who has to live with the unsatisfactory
situation. For SuSE, it would definitely be easier if we could ship only
one distribution with each release. Of course, this is reason enough to
investigate the legal procedure involved, which is what we do. If
everything gets straightened out, we'll have an US version that includes
all the crypto stuff.
As you might guess, this isn't an official statement or even an
announcement. It's just a statement that things aren't as easy as they
might look like at the first glance.
Thanks,
Roman.
--
- -
| Roman Drahtmüller
Servus, Roman!
I certainly didn't imagine that SuSE was being wilful about not
shipping crypto to the States; why would a company unnecessarily
complicate things for itself? Anyhow, it is still nice to hear that
efforts are being made.
As for my suggestion, I'm not sure it will work for the States, or
whether its so working is not a matter of luck. However, it certainly
works for Canada. The mysterious thing is that amazon.co.uk lists
SuSE Pro 7.0 at 50-odd pounds, but when you click through you are
charged only 42 pounds plus shipping (your mileage may vary).
Best,
Corvin
--
Corvin Russell
On Tue, 12 Sep 2000, Corvin Russell wrote:
Servus, Roman!
I certainly didn't imagine that SuSE was being wilful about not shipping crypto to the States; why would a company unnecessarily complicate things for itself? Anyhow, it is still nice to hear that efforts are being made.
I second that. Thanks to Roman for the info. Kind regards, S.T.Ryder mailto:stryder@facestech.com +-------------------------------+-------------------------------------+
participants (4)
-
Corvin Russell
-
Kurt Seifried
-
Roman Drahtmueller
-
S.T.Ryder