How Free is BIND 8.2?

Bun writes "It looks like one of the foundations of the Internet may no longer be truly "Open Source". Apparently, the license restrictions on BIND 8.2 do not meet the Debian Free Software Guidelines (DFSG). Check out the Linux Weekly News for details. "

Being worked out.

[Razron]

The problems are being worked out.

The reason it is going to have problems is because
they are adding RSA into the newer version to
allow security transfers of zone files.

They are trying to add an option to have no rsa
as a build option.

Re:Diffie Hellman

[disappear]

> Why didn't the BIND folks use Diffie-Hellman
> instead? Couldn't this section of BIND be
> rewritten to use Diffie-Hellman?

Well, it could be, but D-H is broken. (See Schnier's _Applied_Cryptography_ for details.) The D-H patents only mattered (until they expired) because they applied to all future, better ways of doing the same thing. (Because that's what patents protect.)

> How is it that you are allowed to export the
> source code for RSA as long as you intend to use
> it for authentication?

Because that's the law. (Well, Federal Regulation, actually, but enforced as law.) Encryption code used only for authentication and not actually for encryption (ie, digital signature-only stuff) is 100% exportable. (Read Schnier for more, again.)

Of course (not that there's really any 'of course' about it), you can pretty much turn any digital signature software into data encryption. So it really doesn't make much difference.


> Can I export a cruise missle to Libya as long as > it's intended to be used as a lawn ornament?

Depends how much the Lybians contribute to the next presidential campaign. (Hey, it worked for the Chinese!)