>>>>> "Michael" == Michael D James <[EMAIL PROTECTED]> writes:
[...]
> Apache-SSL looks like a good choice since it's free, open source, we
> already know Apache, and it would be easy to get servlets working on it.
> The only problem is my boss doesn't believe its kosher. The Raven
> website says:
> Q: I was wondering what might make your SSL module for Apache superior to
> the already freely available patches such as Apache-SSL with SSLeay?
> R: U.S. Law requires that we use cryptography algorithms supplied by RSA
> corporation.
> Raven provides an affordable way for you to legally use Apache with
> SSL in the U.S.
> This implies there would be something illegal about using Apache-SSL. Is
> this a scare tactic? Our application is within the US only.
It's a patent issue. RSA (the company) owns the patents to RSA (the
public-key crypto) and so to legally use RSA crypto you need to purchase a
license. Hence Stronghold and, it seems also Raven. Yet another reason to
vote Libertarian.
Usual disclaimers apply that I'm not a lawyer, this is *not* legal advice,
get your own, competent, professional legal counsel.
Take care,
John
