Sorry for bringing the legal status of RC2/RC4 up yet again, but the
information on the net seems to be contradictory. I am in the process
of completing the MiamiSSL/AmigaOS migration from SSLeay to OpenSSL,
and am, once again, wondering which ciphers I may include for
non-commercial purposes, in particular within the US. I hope someone
can help clear this up.
I understand that RC2 used to be a "trade secret", at least until
RSADSI officially published the algorithm in RFC 2268. Does that
mean that the algorithm is free to be used now ? I have heard that
RSADSI has applied for a patent on RC2, but I could not find any
confirmation for that, one way or another. If a patent exists, are
there provisions for non-commercial use ?
Similarly for RC4: it used to be a "trade secrect" (at least RSADSI
claimed that), but recently there have been unconfirmed rumors that
the trade secret status was dropped, that a patent application was
denied, and that RC4 is now only covered by a trademark, not by trade
secret or patent status. Does anyone have more information on
whether this is true, and what the implications are ?
Also regarding the trademark status of both algorithms: my
understanding of a "trademark" (which may be wrong), is that it only
covers the name, not the algorithm or implementation. Does that mean
that it would not be a violation of trademark laws to simply rename RC4
to something else (e.g. "ArcFour"), remove all references to the string
"RC4" from OpenSSL, and then distribute the resulting code and docs ?
Similarly for RC2 ?
Any information on this matter would be greatly appreciated.
--
Holger Kruse [EMAIL PROTECTED]
http://www.nordicglobal.com
NO COMMERCIAL SOLICITATION !
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
