Re: While there is a discussion on RSA

Wed, 28 Apr 1999 12:05:37 -0700 

-----Original Message-----
From: Leland V. Lammert <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>;
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, April 28, 1999 3:08 PM
Subject: Re: While there is a discussion on RSA


>At 10:24 AM 4/28/99 -0400, Dave Neuer wrote:
>>
>>All browser-supported SSL ciphersuites use RSA, AFAIK.  To use SSL legally
>>in the US for commercial purposes, you must either license BSAFE from
>>RSADSI, or buy a commercial Apache+SSL (from C2Net, Covalent, or Red Hat).
>>
>Dave,
>
>Good question! I thought RedHat Secure Server used mod_ssl? How can that
>include an RSA license?
>
>        Lee

I don't know the precise details of Red Hat's licensing arrangement with
RSADSI, but they apparently either converted mod_ssl to use BSAFE SSL-C
(rather than OpenSSL), or RSA sold them a license to use the OpenSSL
implementation. Remember: RSADSI holds the patent to the RSA algorithms, a
set of mathematical steps to use in public key cryptography, NOT a
particluar software implementation of them.

As far as more details of Red Hat's license goes, not that though they do
use mod_ssl, they DON'T include source for mod_ssl or openssl (or whatever
crypto library they use) -- they're statically compiled into the httpd
binary.  Even if RH does begin distributing their server in a form that
allows you to recompile the httpd binary (i.e. a binary of mod_ssl + crypto
lib as a DSO), they will NOT be allowed by RSADSI to provide source for the
mod_ssl + crypto stuff and the license included w/ RHSWS 2.0 makes it clear
that RSA doesn't grant you the right to use any other implementation of
their algorithms, only the one ecompassed in the binary that you received.

There should really be a more comprehensive and publicized FAQ about this
stuff (though I know RSADSI makes it hard to understand).

Dave Neuer
Software Engineer
Futuristics Labs, Inc.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to