I want to use SSH version 2 (in OpenSSH) so I have the strong session
integrity with md5-hmac or sha1-hmac (this is why v2 was created, right?),
but I also want to use RSA keys and authentication (not DSA).  Right now
I am testing this out to be ready for Sept 20.  But it seems OpenSSH does
not even do RSA at all when v2 of the protocol is running.  Is there any
way to get RSA working in version 2?  Or is it not implemented for some
reason in v2 (it wouldn't be the patent issue, because not everyone is
subject the patent and RSA is in v1).

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

not yet. the is no spec for RSA keys similar to "ssh-dss".

On 15 Jul 2000 13:48:28 GMT Markus Friedl <msfri...@cip.informatik.uni-erlangen.de> wrote:

|> Is there any way to get RSA working in version 2?
|
| not yet. the is no spec for RSA keys similar to "ssh-dss".

I have no idea what you said.  But it sounds like you are trying to say
that the protocol doesn't allow RSA.  So why not?

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

Because it is patented.

On 15 Jul 2000 15:02:06 GMT Bruno Wolff III <br...@cerberus.csd.uwm.edu> wrote:
| On Sat, 15 Jul 2000 14:05:40 GMT, phil-news-nos...@ipal.net <phil-news-nos...@ipal.net> wrote:
|>On 15 Jul 2000 13:48:28 GMT Markus Friedl <msfri...@cip.informatik.uni-erlangen.de> wrote:
|>
|>|> Is there any way to get RSA working in version 2?
|>|
|>| not yet. the is no spec for RSA keys similar to "ssh-dss".
|>
|>I have no idea what you said.  But it sounds like you are trying to say
|>that the protocol doesn't allow RSA.  So why not?
|
| Because it is patented.

It's in version 1.  Was it NOT patented then?

The patent does not apply everywhere in the world.  Why not give a choice
to those for who are not affected?

I can understand making sure a protocol spec allowed complete operation
using no patented technology.  Choose DSA and you're there.  But that
isn't a reason to NOT provide for a choice of negotiated algorithms and
assigning codes to known algorithms that might be usable.

The patent expires on Sept 20.  That's getting close.  Now I can see not
distributing actual code that can do RSA until after that date, but to
not put in it a protocol spec?  How can people plan for release on the
big day?

Isn't the actual RSA code in LIBSSL anyway (native or rsaref)?  Why would
patented technology be in a free source project like that?

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <sn176gofnd...@news.supernews.com>, phil-news-nos...@ipal.net
wrote:

On the offchance that you're not just trolling, I'll try to explain.  You seem
to be confusing the standard with the implementation.

ssh, now known as ssh1, was developed by Tatu Ylonen.  It is a de-facto
standard.  Tatu Ylonen used RSA for the public key crypto in ssh1.  Anything
that needs to interoperate with ssh1 will thus use RSA, which is possible for
non-commercial use in the USA and Canada using the RSAREF library.

SECSH, also known as ssh2, is an IETF standard (currently in draft status).
The IETF avoids setting standards that require users to practice patents
unless there is no other alternative.  ElGamal public key encryption with DSS
is a good alternative, so there is no need to include RSA in SECSH.  Anything
that needs to support SECSH has no need for RSA.

Now for implementation.  If you build a client and server that do both ssh1
and ssh2, you'll have to include RSA for the ssh1 part.  Note well, however,
that including ssh1 support in one particular implementation that also happens
to do SECSH doesn't somehow cause the SECSH standard to be modified to use
RSA.

Richard

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.2
Comment: www.europarl.eu.int/dg4/stoa/en/publi/166499/execsum.htm

iQA/AwUBOXCuixB2T0HVdBSREQLXjQCgtYzcaq7Y0ZmqMVPLOOJ5i1v3xyMAoLWC
+oTVBah3MRJ6eF+O3rIBC6l2
=+W2X
-----END PGP SIGNATURE-----

--
To reply via email, make sure you don't enter the whirlpool on river left.

My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/

Er, this last sentence has an error in it.

The RSA patent is not valid in Canada.  I suspect that RSA would feel
badly about the export of RSAREF into Canada where their licence is
not valid; on the other hand, I know of nothing that says it cannot be
shipped to Canada.  However since us Canadians can run OpenSSL-based
code, or any other RSA implimentation for that matter, why the heck
would we want to use their crappy, buggy, non-free library?

--
This space not left unintentionally unblank.            dera...@openbsd.org
Open Source means some restrictions apply, limits are placed, often quite
severe. Free Software has _no_ serious restrictions.  OpenBSD is Free Software.

On Sat, 15 Jul 2000 12:34:11 -0600 Richard Johnson <rn...@whirlpool.river.com> wrote:

| On the offchance that you're not just trolling, I'll try to explain.  You seem
| to be confusing the standard with the implementation.

No trolling here.  I am damned serious about this.  And I do know the
difference between a standard and an implementation.

| ssh, now known as ssh1, was developed by Tatu Ylonen.  It is a de-facto
| standard.  Tatu Ylonen used RSA for the public key crypto in ssh1.  Anything
| that needs to interoperate with ssh1 will thus use RSA, which is possible for
| non-commercial use in the USA and Canada using the RSAREF library.

So OpenSSH violated the patent in the USA and Canada with version 1.

| SECSH, also known as ssh2, is an IETF standard (currently in draft status).
| The IETF avoids setting standards that require users to practice patents
| unless there is no other alternative.  ElGamal public key encryption with DSS
| is a good alternative, so there is no need to include RSA in SECSH.  Anything
| that needs to support SECSH has no need for RSA.

While issues about things like what is patented are fairly objective, there
are differing opinions on the merits of different algorithms, especially when
it comes to which algorithm is "adequate" to use.

A standard can be created which specifies a number of different algorithms
that can be used, by listing a mapping between each algorithm and a code to
negotiate that algorithm (the code can be an index into a bit map, for example).
That same standard can make one or more of the algorithms mandatory, and the
remaining would be optional.  An implementation would comply with the standard
if it only supported the mandatory algorithms.

| Now for implementation.  If you build a client and server that do both ssh1
| and ssh2, you'll have to include RSA for the ssh1 part.  Note well, however,
| that including ssh1 support in one particular implementation that also happens
| to do SECSH doesn't somehow cause the SECSH standard to be modified to use
| RSA.

I do agree that if the standard did not specify how to negotiate RSA, then
an implementation that added it (without using any "implementation usable
codes") would be in conflict with the standard.

My point is that I see no reason that the standard could not have specified
how RSA is negotiated and make it strictly optional.  This is of course my
opinion, but I do feel that totally excluding patented technology from a
standard (as opposed to the good principle of making a mandatory level of
the standard that uses no patented technology) is something that makes the
open standards less attractive.  It can result in commercial products not
using the open standard at all (because there isn't an option to use other
facilities) and subsequently result in de-facto or proprietary standards
being developed and coming into major use, which I think you would agree
would be a bad thing.

This isn't all that different than the GNU vs BSD licensing philosophy.
A standard that required only non-patent technology would be like the GNU
philosophy of licensing, and a standard that required non-patent technology
at a minimum but provided for a means for those allowed (either by having
a license or by being outside of the scope of the patent) to use something
like RSA to use it when both sides allowed for it, would be like the BSD
licensing philosphy.  I had assumed that much of this development came from
this with a preference for the BSD philosophy, but I guess I am wrong.

Is specifying patented technology as an option in a standard a violation
of that patent, even if the standard is written within the jusridiction of
that patent (such as the USA)?

Another point:  the patent in the USA expires on Sept 20, 2000.  People
have been aware of this for a long time.  Some are counting the days now.
Why the standards developers do not seem to be aware of this I do not yet
understand.

I would like to see an explanation of why RSA cannot be an option in the
standard, given these and other points I have made.  As to the OpenSSH
implementation, that is of course a different issue.  But it already has
tread into the realm of distributing something that uses RSA (SSL being
the place where the actual implementation is) via version 1.  Of course,
version 2 could well be its escape from RSA.  And given that OpenSSH comes
from Canada where apparently RSA is also patented (when does it expire
there?), I could see problems in that regard.  But they don't appear to
be all that serious at this time.

Even if OpenSSH (the implementation) cannot be distributed with RSA due to
patent issues in Canada, I should be able to hack a version that adds in
RSA (by just using the code already in LIBSSL like it does in version 1,
but with version 2's stronger integrity protocol and better hashing), even
though being in the USA I would be limited in how I can legally redistribute
that.  The standard should not preclude the optional use of RSA or any other
algorithm.

While I believe RSA is better than DSA, and I have read enough to actually
understand how the algorithms work, I am certainly not an expert on these.
If RSA was fundamentally flawed, I would not necessarily know this from
just knowing the algorithmic steps involved.  Whether RSA is better than
DSA or DSA is better than RSA I do have to leave up to those who have the
mathematical skills to analyze them.  Once the ranking and levels of each
are established, however, it is back into my realm of decision to decide
which algorithm is adequate for my needs.  I've had a few people already
tell me that DSA is adequate security and they had zero input about what
my needs are (they may indeed be right, but that's not their call).

My goal was to be ready to fire up an SSH session on the big day (not
sure if that means on Sept 20 is the last day the patent is in force
or the first day it is not in force, but I was hoping to figure that out
before then) and use the RSA protocol, and give a big whooping cheer when
I do it.  I'm sure a lot of people might like to celebrate that way.  So
OpenSSH apparently won't be the way to do that, and the copyright on the
commercial product puts a damper on the concept.

I guess I have to go do RSA via HTTP instead.

And yes, DSA will be adequate for my SSH sessions.  I wanted to use RSA
for the symbolism of it on the big day.

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

    Phil> | Anything that needs to interoperate with ssh1 will thus use RSA,
    Phil> | which is possible for non-commercial use in the USA and Canada
    Phil> | using the RSAREF library.

    Phil> So OpenSSH violated the patent in the USA and Canada with
    Phil> version 1.

My understanding is that the mere existence of an implementation doesn't
violate anything; it's a matter of use.  A patent allows the patent holder
to define the conditions of use of an invention.  PKP generally requires a
licensing fee for commercial use of the RSA algorithm.  Thus, someone
using OpenSSH protocol 1 support in a commercial context (as defined by
PKP) would be violating PKP's patent rights.

    Phil> A standard can be created which specifies a number of different
    Phil> algorithms that can be used ... That same standard can make one
    Phil> or more of the algorithms mandatory, and the remaining would be
    Phil> optional.  An implementation would comply with the standard if
    Phil> it only supported the mandatory algorithms.

This is exactly how the current SSH protocol is designed.

    Phil> My point is that I see no reason that the standard could not
    Phil> have specified how RSA is negotiated and make it strictly
    Phil> optional.  
    Phil> ...
    Phil> Another point: the patent in the USA expires on Sept 20, 2000.
    Phil> People have been aware of this for a long time.  Some are
    Phil> counting the days now.  Why the standards developers do not seem
    Phil> to be aware of this I do not yet understand.

They are aware.  In correspondence on the SECSH working group mailing
list, I have been told that they plan to add definitions for RSA as an
optional public-key algorithm when the patent expires.  In fact, the
likely specifics for those definitions have been in use for some time in
the F-Secure SSH2 commercial product, as the "ssh-rsa" key format.

I agree that I don't see the point in waiting to add the language to the
spec, but I have not heard the rationale.

--
  Richard Silverman
  sl...@shore.net

Well, apparently you are very unclear about a number of points.

Incorrect.  Bucko, you better go back to school and learn what patents are.

While you're at it, learn how to research things, make correct statements,
and not call other people's actions criminal.

--
This space not left unintentionally unblank.            dera...@openbsd.org
Open Source means some restrictions apply, limits are placed, often quite
severe. Free Software has _no_ serious restrictions.  OpenBSD is Free Software.

the protocol does not specify who RSA keys and signatures are encoded.

see draft-ietf-secsh-transport-07.txt

-markus

On 15 Jul 2000 22:11:39 -0400 Richard E. Silverman <sl...@shore.net> wrote:

| My understanding is that the mere existence of an implementation doesn't
| violate anything; it's a matter of use.  A patent allows the patent holder
| to define the conditions of use of an invention.  PKP generally requires a
| licensing fee for commercial use of the RSA algorithm.  Thus, someone
| using OpenSSH protocol 1 support in a commercial context (as defined by
| PKP) would be violating PKP's patent rights.

That was my original understanding, too.

|     Phil> A standard can be created which specifies a number of different
|     Phil> algorithms that can be used ... That same standard can make one
|     Phil> or more of the algorithms mandatory, and the remaining would be
|     Phil> optional.  An implementation would comply with the standard if
|     Phil> it only supported the mandatory algorithms.
|
| This is exactly how the current SSH protocol is designed.

Except that the (draft) standard (as described) for SSHv2 does not have
but one choice for the authentication PK algorithm (dsa).

|     Phil> My point is that I see no reason that the standard could not
|     Phil> have specified how RSA is negotiated and make it strictly
|     Phil> optional.  
|     Phil> ...
|     Phil> Another point: the patent in the USA expires on Sept 20, 2000.
|     Phil> People have been aware of this for a long time.  Some are
|     Phil> counting the days now.  Why the standards developers do not seem
|     Phil> to be aware of this I do not yet understand.
|
| They are aware.  In correspondence on the SECSH working group mailing
| list, I have been told that they plan to add definitions for RSA as an
| optional public-key algorithm when the patent expires.  In fact, the
| likely specifics for those definitions have been in use for some time in
| the F-Secure SSH2 commercial product, as the "ssh-rsa" key format.
|
| I agree that I don't see the point in waiting to add the language to the
| spec, but I have not heard the rationale.

It's rather US-centric of them.  Suppose the patent was going to be in force
in the US for another 10 years.  Would they reject RSA an an option for the
rest of the world -AND- for commercial uses that do obtain a license?  What
if some new more wonderful algorithm comes along, but comes from commercial
development is has a patent on it for the next 17 years?  Those are the things
I think we need to hear about WRT to the standards process.

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

On 15 Jul 2000 23:22:09 -0600 Theo de Raadt <dera...@zeus.theos.com> wrote:
|
|> On Sat, 15 Jul 2000 12:34:11 -0600 Richard Johnson <rn...@whirlpool.river.com> wrote:
|>
|> | On the offchance that you're not just trolling, I'll try to explain.  You seem
|> | to be confusing the standard with the implementation.
|>
|> No trolling here.  I am damned serious about this.  And I do know the
|> difference between a standard and an implementation.
|
| Well, apparently you are very unclear about a number of points.

You have the floor.  Clarify!

Ever heard of the concept of being brief?

I have had several people who I think should know, because they at
least claim to know, the details, but then they expect me to explain
it to them for some reason.  Well I know damned well that you know
how all this works.  So I'm not going to explain it to you.

|> | ssh, now known as ssh1, was developed by Tatu Ylonen.  It is a de-facto
|> | standard.  Tatu Ylonen used RSA for the public key crypto in ssh1.  Anything
|> | that needs to interoperate with ssh1 will thus use RSA, which is possible for
|> | non-commercial use in the USA and Canada using the RSAREF library.
|>
|> So OpenSSH violated the patent in the USA and Canada with version 1.
|
| Incorrect.  Bucko, you better go back to school and learn what patents are.

Follow the thread.  I'm re-iterating his statement.  I see you are still
acting like the Theo numbers of people tell me about who jumps on any
opportunity to make personal attacks.

| While you're at it, learn how to research things, make correct statements,
| and not call other people's actions criminal.

See above.

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net

You said that OpenSSH violated the patent in Canada.

Noone else said that -- just you.  What you said does not follow from what the
other guy said.

So, no, you said it, and it's wrong.

I am not making a personal attack, rather, I am saying that you should
research things a lot better before making stupid statements.

OpenSSH violates no patents.

We don't ship with RSA code in our source tree; we don't sell RSA
code; and we don't use RSA in a commercial way inside the US.

We do not violate any patent rules.  Nor could we, even if we wanted
to, since we're not writing this thing in the US.

You better go back to research what the limitations and rules of
patents are, BUCKO.

--
This space not left unintentionally unblank.            dera...@openbsd.org
Open Source means some restrictions apply, limits are placed, often quite
severe. Free Software has _no_ serious restrictions.  OpenBSD is Free Software.

On 16 Jul 2000 18:45:46 -0600 Theo de Raadt <dera...@zeus.theos.com> wrote:
|
|> |> | ssh, now known as ssh1, was developed by Tatu Ylonen.  It is a de-facto
|> |> | standard.  Tatu Ylonen used RSA for the public key crypto in ssh1.  Anything
|> |> | that needs to interoperate with ssh1 will thus use RSA, which is possible for
|> |> | non-commercial use in the USA and Canada using the RSAREF library.
|> |>
|> |> So OpenSSH violated the patent in the USA and Canada with version 1.
|> |
|> | Incorrect.  Bucko, you better go back to school and learn what patents are.
|>
|> Follow the thread.  I'm re-iterating his statement.  I see you are still
|> acting like the Theo numbers of people tell me about who jumps on any
|> opportunity to make personal attacks.

I'm concluding what he said.  If my conclusions were flawed address that.
But you didn't.  You choose instead to make personal attacks.

He established that the patent exists in Canada (something I would not
have to be aware of since I am not in Canada).  He also said in previous
words not quoted here that the reason RSA is not included in SSH version
2 is because it violates the patent.  If it violates the patent and the
patent is in force in Canada, then it violates the patent ... in Canada.
That was the conclusion I drew from his statement.

You believe the conclusion is wrong?  Is it the logic that is wrong?
State the error if so.  Are the facts wrong?  State which facts are
wrong and what the truth is.

| I am not making a personal attack, rather, I am saying that you should
| research things a lot better before making stupid statements.

I'm not making statements.  I'm reaching conclusions from the facts being
presented in this form of research.  You aren't pointing out that this is
a flawed way to do it, but instead, choose only to claim that I am making
stupid statements when it is you that didn't follow through the whole
thread and jumped to a conclusion.

| OpenSSH violates no patents.

Maybe it doesn't.  You can explain why RSA is not in version 2, and at the
same time refute statements by others where they have said that the reason
RSA is not in version 2 is that it violates the patent.  Why would it
violate the patent in version 2 and not version 1?

Maybe the statement that it violates it in version 2 is wrong.  My
conclusion was that if it (would) violate it version 2 then it must be
violating it in version 1 (to whatever extend that might happent to be,
which I do not know with respect to Canada).

| We don't ship with RSA code in our source tree; we don't sell RSA
| code; and we don't use RSA in a commercial way inside the US.

It isn't about shipping.  It's about using.

| We do not violate any patent rules.  Nor could we, even if we wanted
| to, since we're not writing this thing in the US.

Writing it in the US would not violate the patent in the US.  USING it
is what would (regardless of where it is written).  The reason crypto
is not developed in the US is because strong crypto cannot be exported.
The patent has nothing to do with the development.  It has everything
to do the with the USAGE.

| You better go back to research what the limitations and rules of
| patents are, BUCKO.

You seem to be the one that needs to do this, unless patent laws are
entirely different in Canada.  Patents of algorithms apply to how they
are used.  I've already dealt with this regarding GIF patent laws here,
and the law isn't any different for the RSA patent.  If I installed
OpenSSH in a commercial environment and used version 1 which as you do
know is based on RSA, this violates the patent.  OpenSSH is not literally
violating it, but the use of it is.  Does OpenSSH violate the patent?
It does when the context is in reference to its use, which was established
earlier in the thread when a statement was first made (not by me) that
it violates the patent.  I did understand what was not literally said in
that statement that it was in reference to the use.  You either didn't,
or you didn't read that part of the thread.

--
| Phil Howard - KA9WGN | My current websites: linuxhomepage.com, ham.org
| phil  (at)  ipal.net +----------------------------------------------------
| Dallas - Texas - USA | phil-evaluates-email-ads-750-dollars-e...@ipal.net