On Thu, Oct 28, 1999, Yan Zhang Chen wrote:
> [...]
> My first question is about the patents to be involved in our
> case where we only use modssl (with openssl) for web site:
> I know we need RSA license; do we also need license for
> IDEA? From what I can see in browsers like Netscape, only
> RC4 and DES ciphers are supported, so I assume we wouldn't
> need IDEA license?
IDEA is supported by Netscape AFAIK but you can live without it, because there
are other non-IDEA ciphers in Netscape which are enough for a successful
connection. Additionally AFAIK the IDEA patent is only registered in Europe
(Ascom Tech in Switzerland holds it), but I'm not sure.
> Assuming we only need RSA license. Since RSA site license is
> expensive, is it possible to buy SSL-enabled server product like
> Stronghold (and therefore the RSA license), and then instead of
> deploying Stronghold we actually run modssl/apache? Would this
> be legal?
50% of the people say this is not legal and the other 50% say it's in the gray
area. So you've to decide yourself what to do ;) At least you cannot expect an
official OK for this approach from RSA DSI....
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]