Re: New License Request: RSA-MD

Philippe Ombredanne

On Wed, Jan 28, 2015 at 9:10 AM, Sam Ellis <Sam.Ellis@...> wrote:
I'd like to request the addition of RSA's Message-Digest license to the SPDX License List.
I have seen two variants of this license for MD4 and MD5 algorithms, with the difference
between these being only the copyright line and the name of the algorithm, and thus
it may be possible to represent both of these with a single license template.
Details of the proposed addition is as follows:

Full Name: RSA Message-Digest License
Short identifier: RSA-MD
URL: Can be seen in Appendix A of the published MD5 standard:
OSI Approved: No
Specimens: Plain text copies of MD4 and MD5 license are attached to this email.
Evidence of use:

An example of both MD4 and MD5 can be found here, by searching for

A quick search on the internet shows that the license can be easily found in other
software too, for example:
I agree with you, both licenses are common enough in the wild.

Both the MD4 and MD5 notices are found in RFCs, which is a good
reference URL IMHO as they were crafted and submitted there by Ron
Rivest from RSA.

MD4: page 6/7:
MD5: page 7:

Another common occurence for these is in the cURL codebase:

Note: the same license can be found in the PKCS-11 / Cryptoki code at:
such as in:

Since the MD4, MD5 and Cryptoki licenses variations are limited to the
algorithm names it could be great if someone from RSA/EMC legal could
chime in on the templating... that would make things much simpler for

Finally there is also the less common MD2: See page 6:
It has a similar but different text so is another one altogether and
may not yet warrant an SPDX inclusion.
It is restricted to email: "License to copy and use this software is
granted for non-commercial Internet Privacy-Enhanced Mail"
You can find it in original BSD distributions such as Freebsd: (NB: together
with the md4 and md5 code and licenses)

Philippe Ombredanne

+1 650 799 0949 | pombredanne@...
DejaCode : What's in your code?! at
nexB Inc. at

Join to automatically receive all group messages.