I spoke to a real live person at RSA myself some months back, and the situation is
this:
Crypto is restricted in the US. The only crypto which it is legal to use (we are
talking for SSL here - no nitpicking, please) is either the package produced by RSA
or an algorithm that a programmer develops and implements herself. You cannot
download mod_ssl from anywhere outside the US, and there is no source for it inside
the US (that I know of yet).
If someone writes an SSL-capable mod for apache IN THE US, and posts it IN THE US,
it can be used by people IN THE US.
(Talk about your monopolies.....)
RSA is not in the business to sell licenses to individual users. This is why their
prices are through the ceiling. They essentially sell license packs to companies
like Netscape, Stronghold, and Covalent in quantities that bring the cost per
license down to about $150 (in the smallest quantity - obviously, must be less for a
bigger quantity because Netscape included a secure Fast Track server in early
versions of one of the linuxes -- I forget which...)
Stronghold is somewhat under $1000; Covalent Raven is $357. Covalent hosts the
apache mailing list and now sells apache support. I, of course, bought the Covalent
-- they allowed (notified, in fact) me to download each upgrade for free as it
became available. Early versions were a bit difficult, but they really have it down
now.
The thing with Covalent is that they provide DSO built apache, and you can just add
the midgard mods using apxs.
However, you still have to buy the Verisign certificate, or create a self-signed
certificate every 30 days or so.....
No, I do not have any connection with Covalent; I am just sharing the information,
and reporting that I have had a very good experience with the company.
cat
--
This is The Midgard Project's mailing list. For more information,
please visit the project's web site at http://www.midgard-project.org
To unsubscribe the list, send an empty email message to address
[EMAIL PROTECTED]
