This is the mail archive of the
libc-hacker@cygnus.com
mailing list for the glibc project.
Re: Integrating BIND 8.2
- To: zack@rabi.columbia.edu
- Subject: Re: Integrating BIND 8.2
- From: Richard Stallman <rms@gnu.org>
- Date: Thu, 1 Apr 1999 13:09:59 -0700 (MST)
- CC: libc-hacker@cygnus.com
- References: <199903310503.AAA21218@blastula.phys.columbia.edu>
- Reply-to: rms@gnu.org
Because of the problems of US export control, we have to make it
possible for the library to run without the inclusion of the
encryption code. This would be true even if all the other problems
went away--even if we had free implementations of everything necessary.
Meanwhile, we cannot recommend the use of RSAREF at all, since that is
not free software. If GPG is using RSAREF, that is a problem too.
RSAREF is restricted *based on its copyright*, which means these
restrictions apply even outside the US. If GPG provides an
implementation of RSA for use outside the US, it has to be a free
implementation, which RSAREF is not. I'll talk with the author about
this issue to make sure this is being done legally.
We could recommend the use of an alternative implementation of RSA
with BIND, provided it is free software available under a suitable
license, and comes from a site outside the US. Of course, using this
*in the US* at present would infringe the RSA patent, but that doesn't
stop someone from making it available outside the US.
But it would be better for us to provide and encourage the use of some
other algorithm, one that can be implemented with free software.
Some non-US-citizen could implement this, outside the US, but it could
be imported into the US and thus used everywhere.
Perhaps some of the code in GPG could be used as a basis for this. It
would be good for someone to check, but it should be a non-US-citizen
and should be done outside the US. US citizens and residents should
stay completely out of the technical matters concerning encryption
software.