Hi there, it's time to recollect the state of the world around crypto patents, isn't it? RSA: AFAIK, the RSA patent runs out in fall 2000. So, any product that is shipped after Fall 2000 will be able to finally forget about this RSA patent issue. So, no more RSAref hacks, etc. Am I right here? Even with the patent, however, I would hire an attorney to look over the RSAref license, and tell me that: commercial use of the RSAref code is in fact allowed for those commercial sites who do not make direct revenue from people accessing their sites through use of RSAref. This means, a company who merely wants to secure internal communication, or, if it doesn't generate revenue from users accessing the secured site, should be just fine in using RSAref. Also, even if you let your users use the system through SSL, but you generate your revenue by pushing advertizements to the user, and if you send your advertizements in the clear (i.e., not involving https), you are fine again. DISCLAIMER: THIS IS WHAT I UNDERSTAND, I AM NEITHER CERTAIN, NOR AM I IN THE POSITION TO MAKE THESE DETERMINATIONS. MAKE SURE YOU CONSULT AN ATTORNEY TO FIND OUT. Just curious, am I completely off base with my understanding? IDEA: The IDEA patent will last for another 3 or 5 years. But, as I understand, it is only an issue in Europe. IDEA is patented by a Swiss company. However, there is no need for using IDEA anywhere. The only software that relied on IDEA was PGP 2.6.x. With RC4 or 3DES you should get along just fine for SSL, ain't it right? It would seem as if the world of cryptography is about to get ready to take off, since noone can bog down the market with these terrible patents any more. Enjoy, -Gunther Disclaimer: These are my personal opinions, not those of my employer. Luis Enrique Limon wrote: > > Hi > > I have one little problem. I want to ship one product to the market that has > apache with mod_ssl and openssl. > > My problem is USA Patents. > > I'm building openssl with option no-rsa. this is supposed to remove rsa code > from openssl and now i can use mod_ssl in a valid form inside usa without > wondering about rsa patents. > > I know rsa cryptocode is only to encrypt the certificate, so i think is > better to use mod_ssl without rsa than plain html requests. > > And i can ship a new online update in september 20 with rsa code inside. > but i still have the problem of idea and RC5 and i want to know if there is > any problem with them inside USA. > > The fact that i'm not selling only providing the product take me to the idea > of use RSARef in my product and tell the user that if they want to use for > commercial proposes they need to pay a license of bsafe to RSA (or buy some > from covalent or redhat). > > But RSA tell me that i will still inflicting the law (i don't know how maybe > some one can help me in this respect). > > Is supposed that if i use openssl without rsa code some browsers are now > going to be able of connect to the server. but i have tested with netscape > and opera ant they work. > > I'm trying to use ravenssl from covalent in my product but (using my version > of apache build against mod_ssl. but i when some one connects to the server it > appears to work until the page is requested the apache child segfaults. > > I think i need to get my patched version of apache with mod_ssl and create a > modified version of apache with ravenssl and the generate a diff file to be > able of create bout shared objects. but i haven't tested that yet. If this > works. i can have the choice of put ravenssl or mod_ssl in the same apache > binary. but i prefer not to pay covalent for ravenssl so maybe is better only > use apache and mod ssl. > > (i can not pay for licenses of bsafe inside my product because rsa want me to > pay some think like 90,000! > > -- > Luis E Limon > [EMAIL PROTECTED] > Senior SoftWare Developer > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED]
begin:vcard n:Schadow;Gunther tel;fax:+1 317 630 6962 tel;home:+1 317 816 0516 tel;work:+1 317 630 7960 x-mozilla-html:FALSE url:http://aurora.rg.iupui.edu org:Regenstrief Institute for Health Care;Dr. McDonald, 5th floor adr:;;1050 Wishard Blvd;Indianapolis;Indiana;46202;USA version:2.1 email;internet:[EMAIL PROTECTED] title:M.D., Medical Information Scientist fn:Gunther Schadow end:vcard
