From: "Lucky Green" <shamrock@netcom.com>
Date: Fri, 25 Dec 1998 21:35:37 +0800
To: <cryptography@c2.net>
Subject: RE: Sameers Theft  of Ben lauries Intellectual Property(i.e.apache
In-Reply-To: <199812250309.EAA07755@replay.com>
Message-ID: <000001be3009$9a806fe0$f3176dc2@lucky.zks.net>
MIME-Version: 1.0
Content-Type: text/plain



[Coderpunks distribution removed]
Anonymous wrote:
> For the clueless or history deficient
>
> C2 gots its start by purloining without compensation
> Ben Lauries Apache-SSL patches.... Sameer used these and then
> had the fucking gall to remove source from apache-ssl
> for the mod_ssl.c... all was rosy until Ralf releases
> a mod_ssl.c of his design... result??

I've heard a number of descriptions of the history of Apache-SSL-US (later
Stronghold) over the years, but Anon's version of history is not supported
by the facts.

First of all, Stronghold does not use a line of Ben's Apache-SSL code.
Hasn't for years. C2Net switched to the Sioux code base when they acquired
Sioux from Thawte. Which was a long time ago.

> C2's business worldwide took a nose dive...(layoffs etc)
> so now Sameer is trying to coopt Ralf's mod_ssl.c project
> (mark my words if Sameer gets his way the source for future
> verions will NOT be available no matter what he says now...)
> I seen it happen once so now when the litte sob trys it
> again I am blowing the whistle...(and retelling history openly)
> how about it Sameer are you now going to Sue the Mix network:) ?

[Out of courtesy, I won't comment on C2Net's present difficulties other than
that they have little to do with mod_ssl].

Fast forward a few years. Ralph releases mod_ssl, by all accounts a very
well done SSL integration with Apache. mod_ssl implements some much overdue
cleanups that for whatever reasons never made it into Ben's Apache-SSL. I
don't know if C2Net is moving to use mod_ssl, but given the quality of the
module, I would not be surprised. Either way, mod_ssl is under BSD-style
license and C2Net is free to use mod_ssl in their commercial products.

Meanwhile, troubles developed in SSLeay land. The entire recent discussion
about OpenSSL on the various lists must be rather confusing if one doesn't
know the current status of SSLeay. [Hint: it would be really nice if this
finally was announced by those who should be doing the announcement. Which
isn't me].

Suffice to say that it is unlikely in the extreme that SSLeay or the SSLapps
will continue to be maintained by their original development team, Eric
Young and Tim Hudson. Rather than complain about this turn of events, let's
all thank Eric and Tim for the awesome work they performed for cryptographic
freedom and the Internet community. Big thanks guys! Those that feel
inclined to complain about the situation are strongly encouraged to write an
open source software implementation of the importance, complexity, and size
of SSLeay prior to voicing their complaints.

With future SSLeay development in limbo, somebody needs to ensure continued
development. Unfortunately, the launch of such a framework was overshadowed
by Sameer and Ben slugging out their personal differences on mailing lists.
It was silly and downright rude for anyone to announce the formation of such
a group before first giving the usual suspects a courtesy heads-up. But this
too will hopefully be water under the bridge before long (just please
remember it for the next time). Meanwhile, the best of wishes for the
OpenSSL project.

[Disclaimer: I am an ex-C2Net employee]

Happy holidays,
--Lucky