See COPYRIGHT file included in tarball. All all free software licenses. @Licenses team: RSA-PKCS11 is has identical wording as RSA-MD5, except for the following two substitutions: s/RSA Data Security/RSA Security/ s/MD5 Message-Digest Algorithm/PKCS #11 Cryptographic Token Interface (Cryptoki)/ I'll therefore add it to the MISC-FREE license group, too.
Fixed in 9.9.2. Do you want me to keep that bug open?
RSA-PKCS11 added to @MISC-FREE. Closing.
As suggested by hanno, I've merged all licenses/RSA-* into a RSA license template. I've updated bind{,-tools} accordingly (also for the stable branch, so that the packages don't appear in my scan any more).
Why were these added to @MISC-FREE, considering they do not allow for distribution of derived works?
(In reply to comment #4) > Why were these added to @MISC-FREE, considering they do not allow for > distribution of derived works? I think that we are fine here, because the status of that code has been clarified. See <http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all>: The following was recevied Fenbruary 23,2000 From: "Linn, John" <jlinn@rsasecurity.com> February 19, 2000 The purpose of this memo is to clarify the status of intellectual property rights asserted by RSA Security Inc. ("RSA") in the MD2, MD4 and MD5 message-digest algorithms, which are documented in RFC-1319, RFC-1320, and RFC-1321 respectively. Implementations of these message-digest algorithms, including implementations derived from the reference C code in RFC-1319, RFC-1320, and RFC-1321, may be made, used, and sold without license from RSA for any purpose. No rights other than the ones explicitly set forth above are granted. Further, although RSA grants rights to implement certain algorithms as defined by identified RFCs, including implementations derived from the reference C code in those RFCs, no right to use, copy, sell, or distribute any other implementations of the MD2, MD4, or MD5 message-digest algorithms created, implemented, or distributed by RSA is hereby granted by implication, estoppel, or otherwise. Parties interested in licensing security components and toolkits written by RSA should contact the company to discuss receiving a license. All other questions should be directed to Margaret K. Seif, General Counsel, RSA Security Inc., 36 Crosby Drive, Bedford, Massachusetts 01730. Implementations of the MD2, MD4, or MD5 algorithms may be subject to United States laws and regulations controlling the export of technical data, computer software, laboratory prototypes and other commodities (including the Arms Export Control Act, as amended, and the Export Administration Act of 1970). The transfer of certain technical data and commodities may require a license from the cognizant agency of the United States Government. RSA neither represents that a license shall not be required for a particular implementation nor that, if required, one shall be issued. DISCLAIMER: RSA MAKES NO REPRESENTATIONS AND EXTENDS NO WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, VALIDITY OF INTELLECTUAL PROPERTY RIGHTS, ISSUED OR PENDING, OR THE ABSENCE OF LATENT OR OTHER DEFECTS, WHETHER OR NOT DISCOVERABLE, IN CONNECTION WITH THE MD2, MD4, OR MD5 ALGORITHMS. NOTHING IN THIS GRANT OF RIGHTS SHALL BE CONSTRUED AS A REPRESENTATION OR WARRANTY GIVEN BY RSA THAT THE IMPLEMENTATION OF THE ALGORITHM WILL NOT INFRINGE THE INTELLECTUAL PROPERTY RIGHTS OF ANY THIRD PARTY. IN NO EVENT SHALL RSA, ITS TRUSTEES, DIRECTORS, OFFICERS, EMPLOYEES, PARENTS AND AFFILIATES BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND RESULTING FROM IMPLEMENTATION OF THIS ALGORITHM, INCLUDING ECONOMIC DAMAGE OR INJURY TO PROPERTY AND LOST PROFITS, REGARDLESS OF WHETHER RSA SHALL BE ADVISED, SHALL HAVE OTHER REASON TO KNOW, OR IN FACT SHALL KNOW OF THE POSSIBILITY OF SUCH INJURY OR DAMAGE.
(In reply to comment #5) > I think that we are fine here, because the status of that code has been > clarified. See <http://www.ietf.org/ietf-ftp/IPR/RSA-MD-all>: I've added this clarification to licenses/RSA. It applies only to the message digest algorithms though. Concerning RSA-PKCS11, i.e. the pkcs11*.h header files: There is a free replacement available from http://www.scute.org/ (which is for example included with openssh). Also, the original header files are included in Mozilla, where they have been relicensed to || ( MPL-1.1 GPL-2+ LGPL-2.1+ ) and later to MPL-2.0: http://hg.mozilla.org/mozilla-central/annotate/c88e42c82970/security/nss/lib/util/pkcs11.h However, PKCS11 support is currently not included in bind and bind-tools because of bug 409687 (IIUC). So I'd suggest that we simply remove RSA from the LICENSE variable, for the time being. Reopening.
(In reply to comment #6) > However, PKCS11 support is currently not included in bind and bind-tools > because of bug 409687 (IIUC). So I'd suggest that we simply remove RSA from > the LICENSE variable, for the time being. Done.
