Re: [Q] Using mod_ssl for e-commerce in the US

Wed, 13 Oct 1999 07:10:31 -0700 

I'm not a lawyer.  That said, I think that the rep's assertion that it is
illegal to use RSAREF in the US for non-commercial purposes is bogus and in
direct contradiction to the actual terms of the RSAREF license.

However, the use you describe counts as 'commercial' under the RSAREF
license (v 2.0) as far as I can tell.  You are selling a service (web
hosting) and using RSA as a part of that service.  It doesn't matter that
you are not charging extra for the SSL functionality.

There are several RSA-licensed, Apache-based SSL servers ranging in price
from inexpensive (RedHat Secure Web Server, $99 last I checked) to
moderately expensive (C2Net's Stronghold, somewhere between $500 and $1000,
IIRC).

I'd suggest using one of those.

Dave Neuer
Software Engineer
Futuristics Labs, Inc.
www.futuristics.net

-----Original Message-----
From: David C. Snyder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, October 13, 1999 8:12 AM
Subject: [Q] Using mod_ssl for e-commerce in the US


>Hello,
>
>I would like to use mod_ssl enabled Apache to host a few small
>e-commerce web sites in the US.  Unfortunately, the instructions for
>building mod_ssl (INSTALL) indicate that it is mandatory for
>US-citizens to link openssl and mod_ssl with RSAref-2.0.
>
>I talked to someone in licensing at RSA, and they indicated that it
>is illegal to use RSAref-2.0, commercially or not, in the US.  They
>said that I would need to license their "Crypto-C" library.
>
>I am hoping that they simply misunderstood my intentions.  I don't
>plan to "sell" any software, nor do I plan to charge extra for the use
>of the SSL enabled Apache that will on my web server.  (My prices for
>hosting SSL enabled domains are the same as for non-SSL domains.)
>
>Given this situation, is it necessary to purchase a license in order
>to legally operate a mod_ssl enabled Apache in the US?
>
>-- David
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
>

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to