On Thu, Nov 19, 1998 at 01:14:39PM -0600, Albert Etienne wrote:
> Maybe I haven't done my homework here, but. I got everything installed
> and am trying to make sure I am in compliance with rsa's licensing for
> commercial profit use.
[out of date rsaref-2.0 text removed]
> So I call them up and they want $2,500 for the developer software
> package and then I can discuss licensing. WHAT!!!!!!!! Are they
> kidding me?
It's hard to tell. Some time ago, I reported here the results of my
endeavors to find out just how much licensing of BSAFE would cost
ExecPC... At the time, I was told that the BSAFE development libs
for Linux would be $295 (v3.0, that is--v4.0 wasn't available, and
probably won't be until someone with lots of $$$ convinces RSA to do
the work) and that there were a number of licensing options: an annual
royalty or a flat per-user buyout. Not a big fan of recurring license
costs, I asked about the flat buyout. 100 users = $3000, 250 = $4000,
etc. I asked whether it applied to the servers we were running, or
to our virtual hosted customers, and the answer (again, at the time)
was a virtual hosted customer was considered a user. Not that
terrible of a deal.
So, I went ahead, bought the libraries, got it to work with mod_ssl, and
got some other things done for the server. I was just about ready to
bring it into production when I called RSA again (the very same person,
no less) to go ahead and get the licenses. Someone must have chewed
her out about something, because the story was all different. She tried
to tell me now that a 'user' meant any connection that used the RSA
libraries! Thats 1 user per hit, or at least 1 user per any IP that
talks SSL to the server... EVER!
After trying to get her to understand the situation and how silly that
kind of a scheme is in the world of serving secure HTML, we explored the
royalty option. Basically, you pre-pay some amount (I think the _minimum_
was $25,000), and then a certain percentage (1% or so) of what you charge
your customer per quarter is deducted from that initial pre-pay. Once
that money's been spoken for, then you start paying quarterly. I pretty
much knew that this kind of arrangement was going to be very difficult to
sell to the people who hold the purse strings here... Especially since
the RedHat Secure Server's under $100.
While I had her on the phone I asked her what kind of deal RedHat,
Stronghold, and other companies had. Of course, she couldn't give me
the details, but indicated that they'd paid a very large sum of money
for their resale licensing rights... I asked if there was anything
keeping me from buying a RedHat server for the license, shelving it,
and applying the RSA license to mod_ssl, and the response I got gave
me the feeling that there really wasn't anything preventing me from
doing that.
--
Jake Buchholz http://www.execpc.com/~jake
ExecPC Senior Systems Administrator [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
