From owner-freebsd-net@FreeBSD.ORG  Mon Jun 30 13:28:55 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2DEC037B401
	for <freebsd-net@freebsd.org>; Mon, 30 Jun 2003 13:28:55 -0700 (PDT)
Received: from daniel.ameriroots.com (daniel.ameriroots.com [64.249.12.251])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 266B043FA3
	for <freebsd-net@freebsd.org>; Mon, 30 Jun 2003 13:28:54 -0700 (PDT)
	(envelope-from orville@weyrich.com)
Received: from bashful.weyrich.com (bashful.weyrich.com [198.49.110.8])
	by btuyet.weyrich.com (8.11.3/8.11.3) with ESMTP id h5U4ljv49103
	for <freebsd-net@freebsd.org>; Sun, 29 Jun 2003 21:47:45 -0700 (MST)
	(envelope-from orville@weyrich.com)
Received: from localhost (orville@localhost)
	by bashful.weyrich.com (8.11.3/8.11.3) with ESMTP id h5U4Jb130865
	for <freebsd-net@freebsd.org>; Sun, 29 Jun 2003 21:19:37 -0700 (MST)
	(envelope-from orville@weyrich.com)
X-Authentication-Warning: bashful.weyrich.com: orville owned process doing -bs
Date: Sun, 29 Jun 2003 21:19:37 -0700 (MST)
From: "Orville R. Weyrich_Jr" <orville@weyrich.com>
X-X-Sender: <orville@localhost>
To: <freebsd-net@freebsd.org>
In-Reply-To: <BB21E605.155C1%mksmith@noanet.net>
Message-ID: <20030629211239.G22284-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: SSL
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jun 2003 20:28:55 -0000

I checked the Apache Web site and found an article from 1998 that said
that RSA had a patent on encryption needed for SSL in the USA.

Somewhere I recall hearing that the patent had expired. Is this true?

What I really need (want) is an inexpensive way to give my Apache server a
secure channel for users to log in without transmitting cleartext
passwords (the actual data after they log in is NOT sensitive, I just need
to know that it came from a trusted user).

Anybody have current information on how I can comply with US law and meet
my requirement as inexpensively as possible? I gather that I can be my own
certificate authority if the people running the web browsers trust me to
be who I say I am, but there is that pesky RSA license (?).

The application is a political organization, not a commercial venture if
that is of any benefit in obtaining pattent relief.

-------------------------------------------------------------------
Orville R. Weyrich, Jr.                 Weyrich Computer Consulting
mailto:orville@weyrich.com     KD7HJV        http://www.weyrich.com
-------------------------------------------------------------------