You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by Sander Striker <st...@samba-tng.org> on 2001/06/03 20:02:20 UTC

Legal issues, DES

Hi,

Maybe a bit off topic, but are there still legal issues with
DES implementations? I mean, if someone submitted a patch
would it be possible to include des in apr-util/crypto, or
would this be problematic. DES is still in use in a variety
of things, so providing the functionality wouldn't be that
strange I think.

Thoughts anyone,

Sander

Re: Legal issues, DES

Posted by Luke Kenneth Casson Leighton <lk...@samba-tng.org>.

these days, if you are in the u.s.:
all you need to do is send off an email
and a copy of the code in question to the correct
authorities.

that automatically grants authorisation to distribute
said code, under an open source license.

luke

On Sun, Jun 03, 2001 at 08:02:20PM +0200, Sander Striker wrote:
> Hi,
> 
> Maybe a bit off topic, but are there still legal issues with
> DES implementations? I mean, if someone submitted a patch
> would it be possible to include des in apr-util/crypto, or
> would this be problematic. DES is still in use in a variety
> of things, so providing the functionality wouldn't be that
> strange I think.
> 
> Thoughts anyone,
> 
> Sander

Re: Legal issues, DES

Posted by Greg Stein <gs...@lyra.org>.

On Sun, Jun 03, 2001 at 02:16:48PM -0400, Cliff Woolley wrote:
> On Sun, 3 Jun 2001, Sander Striker wrote:
> 
> > Maybe a bit off topic, but are there still legal issues with
> > DES implementations? I mean, if someone submitted a patch
> > would it be possible to include des in apr-util/crypto, or
> > would this be problematic. DES is still in use in a variety
> > of things, so providing the functionality wouldn't be that
> > strange I think.
> 
> Legal issues aside, my only worry is that we seem to be duplicating more
> and more of the effort of the OpenSSL team...

I don't think there are legal issues, but crypt() is widely available. I
really don't think it should be in APRUTIL.

As I said before: on platforms where crypt() might /not/ be available,
applications should just use SHA1 or MD5 hashing instead of DES. And yes, I
realize that legacy apps may need crypt() on those poor platforms; but that
is such a minority, that I'd rather not see it in APR.

We have the APR_HAS_* macros for a reason. In this case, APR_HAS_CRYPT would
be zero.

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/

Re: Legal issues, DES

Posted by Cliff Woolley <cl...@yahoo.com>.

On Sun, 3 Jun 2001, Sander Striker wrote:

> Maybe a bit off topic, but are there still legal issues with
> DES implementations? I mean, if someone submitted a patch
> would it be possible to include des in apr-util/crypto, or
> would this be problematic. DES is still in use in a variety
> of things, so providing the functionality wouldn't be that
> strange I think.

Legal issues aside, my only worry is that we seem to be duplicating more
and more of the effort of the OpenSSL team...

--Cliff

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA