-----Original Message-----
<snip>
>
>>From what I've heard even RSAREF is not legal to use inside the US for
>commercial purposes. However, verisign (a division of RSA) does not have a
>problem issuing certificates for servers running OpenSSL (SSLeay is
actually
>what is mentioned). They say this on their homepage and there is no
mention
>of RSAREF. This leads me to believe that RSA really doesn't care about
>people using OpenSSL (with RSAREF or without) within the US.
>
>Does anyone care to comment on this?
>
>--Adam
Don't bet on it. Verisign and Thawte are in the business of issuing
certificates, NOT policing US patent violations (especially since Thawte is
base in S. Africa). I think it would be particularly unwise to assume that
just because one company is willing to issue a certificate that *could* be
used by a *particular user* in a manner that infringes on a patent, that the
owner of the patent won't take action against *actual* violaters. It is
*probably* not a patent infringement for Verisign or Thawte to issue certs
for use w/ the OpenSSL implementation of RSA (caveat: IANAL); it *is* a
patent violation to *use* said certs in the US (for commercial purposes
period, for any other purposes if you didn't use RSAREF).
RSADSI has been known to aggressively pursue patent infringers when the
infringement was developing a product or toolkit that they felt infringed on
their patents; I haven't seen mention of them taking action against a mere
*user* of their patented technology, but I wouldn't blithely discount the
possibility, either.
Dave Neuer
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
