Monday, September 23, 2002
OpenBSD: Sun's ECC and OpenSSL

"On the other hand, here in OpenBSD land we will continue to strive to make our software more and more free. We've been squishing odd license terms which contain non-free restrictions throughout the source tree for about 2 years now.

Once again, I think it is time to fork OpenSSL. It's obviously run by a bunch of people who don't think through the legal implications of their actions. they should NOT have accepted that code without it being 100% free. This donation is not free code.

Shame on you Sun, and double shame on you OpenSSL."

I've used OpenBSD for years (since the first release on CD), and if there's one thing I've learned in that time, it's that Theo de Raadt, good or bad, sticks by his guns.  He has dedicated the last few years to ensuring that OpenBSD stays "free," avoiding licenses that would restrict the use of the end product in ANY way.  He had a spat with Darren Reed about a year ago over IPF, the definitive packet filter of the time.  Darren decided to insert some license terms which were in conflict with the BSD license.  At the time it seemed a bit reckless on the part of Theo, as there was no adequate replacement in sight, but the OpenBSD team, along with Daniel Hartmeier, managed to get a fully functional IPF replacement into OpenBSD in a few months.  Not only was it fully functional, but it was, in many ways, better than IPF, which has stagnated over the last few years due to its dominance in the arena.

Now Theo is crying foul over Sun's contribution of Elliptic Curve Cryptography to OpenSSL, an integral part of OpenBSD.  The specific language in contention is as follows:

  /* crypto/engine/tb_ecdh.c */
  /* ====================================================================
   * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
   *
   * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
   * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
   * to the OpenSSL project.
   *
   * The ECC Code is licensed pursuant to the OpenSSL open source
   * license provided below.
   *
   * In addition, Sun covenants to all licensees who provide a reciprocal
   * covenant with respect to their own patents if any, not to sue under
   * current and future patent claims necessarily infringed by the making,
   * using, practicing, selling, offering for sale and/or otherwise
   * disposing of the ECC Code as delivered hereunder (or portions thereof),
   * provided that such covenant shall not apply:
   *  1) for code that a licensee deletes from the ECC Code;
   *  2) separates from the ECC Code; or
   *  3) for infringements caused by:
   *       i) the modification of the ECC Code or
   *      ii) the combination of the ECC Code with other software or
   *          devices where such combination causes the infringement.
   *
   * The ECDH engine software is originally written by Nils Gura and
   * Douglas Stebila of Sun Microsystems Laboratories.
   *

The question is whether this is going to further marginalize OpenBSD, which has been criticized for its rejection of IPF, or whether they could perhaps improve on OpenSSL, as I believe they've done with PF.  OpenSSL, as an integral part of Apache's secure solution and the core of OpenBSD's own OpenSSH project, has a much wider reach than IPF did.  I'm not sure which way this will go, but I've always credited Theo for his convictions, which are largely responsible, despite recent problems, for the overall security of OpenBSD.  I hope this works out well for all involved.  In any case, I will continue to recommend OpenBSD where its use is appropriate, and I'd suggest to anyone looking for a secure, open source solution to do the same.


Info Security From Wozz

Open-source group gets Sun security gift - Tech News - CNET.com

"Sun's "elliptic curve" technology is involved in the process of using keys to encrypt and decrypt information for electronic transactions. Such encryption lets people buy products online, for example, while shielding their credit card number from prying eyes. The Santa Clara, Calif.-based server seller donated the technology to the OpenSSL project, a programming group that makes an open-source version of the Secure Sockets Layer (SSL) encryption system."

I'm a few days behind on this one, but thought it was important enough to get caught up on.  Elliptic Curve Cryptography (ECC) promises to take a lot of the heavy lifting out of strong cryptography.  Currently the most popular public-key algorithms used in protocols like SSL are based on the difficulty of factoring large integers, and require a fair amount of CPU power to work.  ECC provides a computationally simpler path to the same end result.  Sun's providing this to the OpenSSL people should hopefully speed its acceptance in the real world and result in better encryption on smaller platforms.
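As an added example (not code from this post, and not Sun's contributed ECC code), here is the key agreement that the donated ECDH engine (tb_ecdh.c above) provides, written out in Python over a constructed toy curve: both parties exchange only public points, and each derives the same shared point by scalar multiplication.  The curve parameters and the private keys are made up for illustration and are far too small for real use.

```python
# Toy elliptic-curve Diffie-Hellman (ECDH) over a small prime field.
# Constructed example: real ECDH uses 256-bit or larger fields.

P = 97          # field prime (constructed, tiny)
A, B = 2, 3     # curve y^2 = x^3 + A*x + B (mod P); 4A^3 + 27B^2 != 0 mod P
G = (3, 6)      # generator point: 6^2 = 36 = 3^3 + 2*3 + 3 (mod 97)


def on_curve(pt):
    """True if pt satisfies the curve equation (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Group law on the curve: returns p1 + p2, with None as the identity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # p1 == -p2, so the sum is infinity
    if p1 == p2:                         # doubling: tangent slope
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:                                # addition: chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add (the one-way operation ECDH relies on)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ecdh_demo(alice_priv=13, bob_priv=29):
    """Run one ECDH exchange; private keys are constructed sample values.
    Returns (alice_pub, bob_pub, alice_shared, bob_shared)."""
    alice_pub = ec_mul(alice_priv, G)    # sent to Bob
    bob_pub = ec_mul(bob_priv, G)        # sent to Alice
    alice_shared = ec_mul(alice_priv, bob_pub)
    bob_shared = ec_mul(bob_priv, alice_pub)
    return alice_pub, bob_pub, alice_shared, bob_shared
```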

