You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by Edouard De Oliveira <do...@yahoo.fr> on 2008/08/16 14:15:01 UTC

MD4 digest provider

Any problems regarding the use of a BouncyCastle jce provider dependency in the examples pom ?
In fact the proxy code needs an MD4 digest provider for NTLM proxying. This is a dependency we don't have 
to bind explicitly with the core code but we may need to advertise it. 
 Cordialement, Regards,
-Edouard De Oliveira-
http://tedorg.free.fr/en/main.php


      _____________________________________________________________________________ 
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr

Re: MD4 digest provider

Posted by Niklas Gustavsson <ni...@protocol7.com>.

On Sat, Aug 16, 2008 at 5:29 PM, Emmanuel Lecharny <el...@gmail.com> wrote:
> - follow the export rules : http://apache.org/dev/crypto.html.
>
> If we include BC encryption code into MINA, we have to declare MINA in the
> ASF Product Classification Matrix :
> http://apache.org/licenses/exports/#matrix

There is (or at least was) and issue with the BC jar in that it
contained an implementation of the patented IDEA algorithm:
http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200508.mbox/%3C1AB1C8BD-B886-43C3-8D54-47B558B6DD66@apache.org%3E

if I recall correctly, Geronimo ended up with using a custom built jar
the excluded the affected classes. I don't think we want to get into
that mess, how about ripping out the very minimal subset we need and
including that into our sources (like with the MD5 case)?

/niklas

Re: MD4 digest provider

Posted by Emmanuel Lecharny <el...@gmail.com>.

Edouard De Oliveira wrote:
> Any problems regarding the use of a BouncyCastle jce provider dependency in the examples pom ?
> In fact the proxy code needs an MD4 digest provider for NTLM proxying. This is a dependency we don't have 
> to bind explicitly with the core code but we may need to advertise it. 
>   

BC license is ASL 2.0 compatible. You can use it, without any problem.

There are two things you need to do, however :
- add a reference to BC license in a notice file 
(http://www.bouncycastle.org/licence.html : "The above copyright notice 
and this permission notice shall be included in all copies or 
substantial portions of the Software." )
- follow the export rules : http://apache.org/dev/crypto.html.

If we include BC encryption code into MINA, we have to declare MINA in 
the ASF Product Classification Matrix :
http://apache.org/licenses/exports/#matrix

This is the PMC role to handle this, IFAIK.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org