> On Mon, 10 Jan 2000, Ben Laurie wrote:
>
> > Not sure whether its true or not, but so what? We don't have to
> > _enforce_ the patent, just provide a way to not violate it, right?
>
> But does the act of producing code which contains non-RSAref RSA code,
> even if it's not used, violate the patent? Using a static library this
> presumably wouldn't make it into any binaries unless there are internal
> references to the "naughty" functions, but I haven't tested this
> yet. When/if OpenSSL moves to using shared libraries too (as FreeBSD
> does) this becomes a larger issue because the library you ship with your
> binary retains the ability to do non-RSAref RSA.
>
> I think it would be much safer against varying legal interpretations to
> simply not compile the regular RSA cryptographic code in the case of
> -DRSAref. I'll produce a patch tonight which does this.
I think you have a bigger problem in the U.S. though. If there are
CD-roms contain FreeBSD which are sold to users then those CDs will
not be able to contain RSARef code without violating the terms of the
RSARef license. The use of RSARef code must be non-revenue producing
in order to stay within the license.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
