This is extremely interesting . . .
Which version of the RSAREF library is this from? It doesn't seem to match
the terms of the RSAREF 2.0 library.
Also, it seems that commercial use other than shareware requires that you
obtain a license agreement from RSADSI -- have you done this? If so, how
recently? One would have assumed that since RSADSI no longer distributes
RSAREF, that they might not be willing to issue licenses under the RSAREF
Commercial License Agreement, either.
Any additional details that you can provide would be welcome.
Dave Neuer
-----Original Message-----
From: Steve Kneizys <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Sunday, May 23, 1999 8:19 AM
Subject: Re: ModSSL Breaks Apache
>I used the RSAREF library, and do it for commercial purposes, in the USA,
>and under my reading of the info.txt that comes with it ll is fine. Below
>is the portion of that file that I think addresses this issue...
>
>take care,
>
>Steve...
>
>---------------------------------------------------------------------------
-
>-----
>WHAT YOU CAN (AND CANNOT) DO WITH RSAREF
>
> 1. RSAREF is free for personal or corporate use under the
> following conditions:
>
> o RSAREF, RSAREF applications, and services based on
> RSAREF applications may not be sold.
>
> o You must give RSA the source code of any free RSAREF
> application you plan to distribute or deploy within
> your company. RSA will make these applications
> available to the public, free of charge.
>
> 2. RSAREF applications and services based on RSAREF
> applications may be sold under the following conditions:
>
> o You must sign and return the RSAREF Commercial License
> Agreement to RSA (call RSA for a copy of this
> agreement). Remember, RSAREF is an unsupported toolkit.
> If you are building an application to sell, you should
> consider using fully supported libraries like RSA's
> BSAFE or TIPEM SDK's.
>
> 3. RSAREF applications and services based on RSAREF
> applications may be "sharewared" under the following
> conditions:
> o Shareware authors do not need to sign a separate
> agreement with RSA, provided that their per-copy asking
> price is less than $50 and total RSAREF application
> revenue is less than $10,000 annually. Otherwise,
> shareware authors must sign and return the RSAREF
> Commercial License Agreement.
>
> 4. You must use the interface described in the RSAREF
> documentation.
>...
>...
>
>
>At 06:56 PM 5/21/99 -0700, you wrote:
>>What a lovely thread this is, and it brings up many unanswered questions.
>>
>>I am running a commercial server. I want to use SSL. I have the RPM that
>>was generously made available on the Contrib site. I am in the US.
>>So what I want to know is this:
>>Do I need an RSA License or not? I plan to get my certificate from
>>Verisign, will they deny me a certificate if I dont have an RSA license
>>too? If I need one (and I really hate to buy one if I dont need it) how do
>>I get one (a url with direction would be handy please)?
>>
>>Thanks again for all the help.
>>
>>At 11:40 PM 5/21/99 +0200, you wrote:
>>>On Fri, May 21, 1999 at 11:05:38AM -0400, Adam D. McKenna wrote:
>>>> From: Bodo Moeller <[EMAIL PROTECTED]>
>>>
>>>>>> From what I've heard even RSAREF is not legal to use inside the US
>>>>>> for commercial purposes. However, verisign (a division of RSA)
>>>>>> does not have a problem issuing certificates for servers running
>>>>>> OpenSSL (SSLeay is actually what is mentioned). They say this on
>>>>>> their homepage and there is no mention of RSAREF. This leads me
>>>>>> to believe that RSA really doesn't care about people using OpenSSL
>>>>>> (with RSAREF or without) within the US.
>>>
>>>>> There are commercial web-servers based on SSLeay/OpenSSL that are
>>>>> legal to use in the US. Plus, if you desperately want to use a free
>>>>> one, you can obtain an RSA license yourself -- but it'll likely be
>>>>> much more costly than buying a commercial derivate of Apache.
>>>
>>>> That's not what I meant. What I was saying is that Verisign condones
and
>>>> supports the use of "freeware apache", and will issue certificates for
it.
>>>> Are you saying that this implies that the users of "freeware apache"
have
>>>> also purchased an RSA license? That's not how I read it. But you are
>free
>>>> to look for yourself at
>>>> http://digitalid.verisign.com/server/apacheNotice.htm
>>>
>>>I see, they directly refer to freeware. But Verisign has customers
>>>not only in the U.S., and not every use of a HTTPS server is
>>>commercial (as defined by the RSAREF license); so there are various
>>>possibilities to get a Verisign certificate without buying a patent
>>>license and without violating patents.
>>>______________________________________________________________________
>>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>>User Support Mailing List [EMAIL PROTECTED]
>>>Automated List Manager [EMAIL PROTECTED]
>>
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List [EMAIL PROTECTED]
>>Automated List Manager [EMAIL PROTECTED]
>>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
