Here's an excerpt and an URL to begin some research.
www.apacheweek.com/features/ssl
Encryption Patents and RSA
Commercial servers such as Netscape base their SSL implementations on
ciphers that are developed and patented by RSA Data Security in the US.
Use of this technology normally requires a license fee inside the US. If
Apache-SSL or mod_ssl is imported into the US, then any user would have to
arrange to pay the appropriate license for the patented encryption
methods which are part of SSLeay (although non-commercial users can use a
license-free implementation of RSA, called RSAref). It may be difficult
for an individual to license RSA. The alternative to paying the RSA
license
individually is to buy a commercial version of Apache with SSL for which
RSA has already been licensed by the developer. Examples of such products
are the Apache module Raven and the web server Stronghold. Stronghold
is developed outside the US so it can also be used with full 128-bit
encryption outside the US and Canada. Raven is not
available outside the US and Canada with 128-bit security.
Outside the US, no license fee is required for the use of the RSA
methods because they are only patented inside the US and SSLeay uses an
independant implementation of the cipher algorithms. This means
that outside the US Apache-SSL and mod_ssl can be used for free.
Having got a server, the final thing required before
it can be used for secure transactions is a certificate.
-----------------------------------
On Tue, 11 Jan 2000, Derek Beattie wrote:
> Now I'm really confused. Is there anyway for me to setup apache with ssl
> without paying someone for a licenese? In the book I have it says...
>
> In addition, US sites will need the RSAREF library to comply with patent
> restriction.
>
> --- Ron Parker <[EMAIL PROTECTED]> wrote:
> > You guys probably have this figured out already but ... As Emile stated
> > it's the RSA that's a problem for US users. If you compile from source you
> > can't use the RSA algorythym with your SSL enabled apache.
> >
> > A solution that's mentioned in the mod_ssl pages, I think that's where
> > I've read this, is to purchase a cheap commercial binary that includes a
> > license for RSA. Then compile your own SSL enabled apache using the RSA
> > with the intent to claim that you're applying the license you purchased to
> > the RSA that you've compiled. Apparently this is being done in the US
> > whether it would stand up in a court of law is pretty doubtful.
> >
> > Red Hat costs around $100 and ships with the source because of the GPL or
> > whatever license originally covers apache. Is doesn't ship with source so
> > that you can compile yourself. It's intended for you to use the rpm
> > binary.
> >
> > You can purchase an RSA license for $1,000 or $2,000 but the kicker is
> > that they're only sold in packets of about 20. My numbers are all wrong
> > but my point is clear.
> >
> > Well, that's my rough understanding of what's happening. I'll be very
> > interested to know what you discover about this.
> >
> > parker
> >
> > On Mon, 10 Jan 2000, Derek Beattie wrote:
> >
> > > Hi all, I've been playing with midgard now for a couple of weeks. Its very
> > > interesting. I'm in the US and can't use the RPM's with SSL, I guess, so
> > I've
> > > been learning how to compile apache/ssl/midgard myself. Anyway my question
> > is,
> > > where is the best source of documentation for Midgard? I've looked on the
> > site
> > > and the docs seem to be incomplete. I've studied the example site (Virtual
> > > Midgard Using Company 0.1) and I'm confused about some things.
> > >
> > > 1. What elements are required for every site?
> > > 2. Is it common to have a different Layout for each site?
> > > 3. Is it common to store all sites in one DB?
> > > 3. On the example site under Style admin I see the following:
> > > body
> > > body-content
> > > body-format
> > > footer
> > > head
> > > head-author
> > > head-generator
> > > head-made
> > > head-style
> > > head-title
> > > navilinks
> > > ROOT
> > > table
> > >
> > > in the table element I see <(content)> tag and I see the actual content in
> > the
> > > content administration. I don't understand how the actual content in the
> > > content admin gets layed out in the final product/site or what determines
> > how
> > > the subtopics Content,Events,News Releases,Products are layed out?
> > >
> > > I hope my question is clear enough.
> > >
> > > Derek
> > >
> > >
> > >
> > > =====
> > > . \\|//
> > > (O-O)
> > > *--------------------------------------oOO--(_)--OOo-----*
> > > * Sender: Derek Beattie *
> > > * Personal: [EMAIL PROTECTED] *
> > > * Business: [EMAIL PROTECTED] *
> > > *--------------------------------------------------------*
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Talk to your friends online with Yahoo! Messenger.
> > > http://im.yahoo.com
> > >
> > > --
> > > This is The Midgard Project's mailing list. For more information,
> > > please visit the project's web site at http://www.midgard-project.org
> > >
> > > To unsubscribe the list, send an empty email message to address
> > > [EMAIL PROTECTED]
> > >
> >
> >
> > --
> > This is The Midgard Project's mailing list. For more information,
> > please visit the project's web site at http://www.midgard-project.org
> >
> > To unsubscribe the list, send an empty email message to address
> > [EMAIL PROTECTED]
> >
> >
>
> =====
> . \\|//
> (O-O)
> *--------------------------------------oOO--(_)--OOo-----*
> * Sender: Derek Beattie *
> * Personal: [EMAIL PROTECTED] *
> * Business: [EMAIL PROTECTED] *
> *--------------------------------------------------------*
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
> --
> This is The Midgard Project's mailing list. For more information,
> please visit the project's web site at http://www.midgard-project.org
>
> To unsubscribe the list, send an empty email message to address
> [EMAIL PROTECTED]
>
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
