Date: Wed, 19 Nov 1997 22:11:33 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: "Randy A. Katz" <randyk@ccsales.com> Cc: Shawn Ramsey <shawn@luke.cpl.net>, questions@freebsd.org Subject: Re: Apache-SSL Message-ID: <Pine.BSF.3.95.971119215901.21740S-100000@alive.znep.com> In-Reply-To: <3.0.5.32.19971119194741.03203100@ccsales.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 19 Nov 1997, Randy A. Katz wrote: > When I asked the Stronghold people they said that it was not legal to use > it. When I questioned further they said that is because RSA has the > authority and Stronghold has an exclusivity agreement with them...I called There is no exclusive clause of any sort. > RSA and they told me yes. Stronghold has an agreement with them but they > allow others to use RSA encryption behind web site...and one of the ones > they said was OK was Apache SSL...no problem. > > Went back to Stronghold, asked why they lied...they denied it and told me > RSA might come after me and that I would have to pay $30,000 to get an > arrangement with RSA like they do...RSA said they didn't understand and > Apache SSL is fine and so forth... Erm... no. RSA has a patent on certain technology which is required to implement SSLv2. That means that, where their patent applies (ie. in the US), they have control over who uses it. There are free implementations that they have licensed for non-commercial use. For commercial use, you need a license from RSA. >From RSA's FAQ: Question 22. Is RSA Patented? RSA is patented under U.S. Patent 4,405,829, issued September 20, 1983 and held by RSA Data Security, Inc. of Redwood City, California; the patent expires 17 years after issue, in 2000. RSA Data Security has a standard, royalty-based licensing policy which can be modified for special circumstances. The U.S. government can use RSA without a license because it was invented at MIT with partial government funding. In the U.S., a license is needed to "make, use or sell" RSA. However, RSA Data Security usually allows free non-commercial use of RSA, with written permission, for academic or university research purposes. Furthermore, RSA Laboratories has made available (in the U.S. and Canada) at no charge a collection of cryptographic routines in source code, including the RSA algorithm; it can be used, improved and redistributed non-commercially (see Question 174). I would contact RSA and confirm what they are talking about. They may be referring to non-commercial use. I have heard that they have stated that they won't go after people using SSL without licenses, however you would be foolish to treat that as a promise. > > I WILL NEVER DO BUSINESS WITH STRONGHOLD EVEN IF THEY HAVE A GREAT PRODUCT. That is your choice. FYI, the company that produces Stronghold is called C2Net. I would suggest, however, that you are a bit confused about the real issues involved in RSA patents. You may have got vague or misleading answers from RSA and/or C2Net; it is easy to interpret something that is technically correct in a different fashion. There is a lot more to StrongHold than what the Apache-SSL patches contain.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.971119215901.21740S-100000>