I used the RSAREF library, and do it for commercial purposes, in the USA,
and under my reading of the info.txt that comes with it ll is fine. Below
is the portion of that file that I think addresses this issue...
take care,
Steve...
----------------------------------------------------------------------------
-----
WHAT YOU CAN (AND CANNOT) DO WITH RSAREF
1. RSAREF is free for personal or corporate use under the
following conditions:
o RSAREF, RSAREF applications, and services based on
RSAREF applications may not be sold.
o You must give RSA the source code of any free RSAREF
application you plan to distribute or deploy within
your company. RSA will make these applications
available to the public, free of charge.
2. RSAREF applications and services based on RSAREF
applications may be sold under the following conditions:
o You must sign and return the RSAREF Commercial License
Agreement to RSA (call RSA for a copy of this
agreement). Remember, RSAREF is an unsupported toolkit.
If you are building an application to sell, you should
consider using fully supported libraries like RSA's
BSAFE or TIPEM SDK's.
3. RSAREF applications and services based on RSAREF
applications may be "sharewared" under the following
conditions:
o Shareware authors do not need to sign a separate
agreement with RSA, provided that their per-copy asking
price is less than $50 and total RSAREF application
revenue is less than $10,000 annually. Otherwise,
shareware authors must sign and return the RSAREF
Commercial License Agreement.
4. You must use the interface described in the RSAREF
documentation.
...
...
At 06:56 PM 5/21/99 -0700, you wrote:
>What a lovely thread this is, and it brings up many unanswered questions.
>
>I am running a commercial server. I want to use SSL. I have the RPM that
>was generously made available on the Contrib site. I am in the US.
>So what I want to know is this:
>Do I need an RSA License or not? I plan to get my certificate from
>Verisign, will they deny me a certificate if I dont have an RSA license
>too? If I need one (and I really hate to buy one if I dont need it) how do
>I get one (a url with direction would be handy please)?
>
>Thanks again for all the help.
>
>At 11:40 PM 5/21/99 +0200, you wrote:
>>On Fri, May 21, 1999 at 11:05:38AM -0400, Adam D. McKenna wrote:
>>> From: Bodo Moeller <[EMAIL PROTECTED]>
>>
>>>>> From what I've heard even RSAREF is not legal to use inside the US
>>>>> for commercial purposes. However, verisign (a division of RSA)
>>>>> does not have a problem issuing certificates for servers running
>>>>> OpenSSL (SSLeay is actually what is mentioned). They say this on
>>>>> their homepage and there is no mention of RSAREF. This leads me
>>>>> to believe that RSA really doesn't care about people using OpenSSL
>>>>> (with RSAREF or without) within the US.
>>
>>>> There are commercial web-servers based on SSLeay/OpenSSL that are
>>>> legal to use in the US. Plus, if you desperately want to use a free
>>>> one, you can obtain an RSA license yourself -- but it'll likely be
>>>> much more costly than buying a commercial derivate of Apache.
>>
>>> That's not what I meant. What I was saying is that Verisign condones and
>>> supports the use of "freeware apache", and will issue certificates for it.
>>> Are you saying that this implies that the users of "freeware apache" have
>>> also purchased an RSA license? That's not how I read it. But you are
free
>>> to look for yourself at
>>> http://digitalid.verisign.com/server/apacheNotice.htm
>>
>>I see, they directly refer to freeware. But Verisign has customers
>>not only in the U.S., and not every use of a HTTPS server is
>>commercial (as defined by the RSAREF license); so there are various
>>possibilities to get a Verisign certificate without buying a patent
>>license and without violating patents.
>>______________________________________________________________________
>>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>>User Support Mailing List [EMAIL PROTECTED]
>>Automated List Manager [EMAIL PROTECTED]
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
