Aaron D. Turner <[EMAIL PROTECTED]> wrote:
>
>On Mon, 20 Sep 1999, Dave Neuer wrote:
>
>> -----Original Message-----
>> From: Aaron D. Turner <[EMAIL PROTECTED]>
>> To: Stunnel Maillist <[EMAIL PROTECTED]>;
>> [EMAIL PROTECTED] <[EMAIL PROTECTED]>
>> Date: Friday, September 17, 1999 5:43 PM
>> Subject: What US companies need to know about >> >
>> >Basically, all I wanted to do is run a generic SSL reverse proxy for a
>> >number of services/hosts. I also wanted Client Certificates for added
>> >security. All this was for internal use only type stuff like IMAP and
>> >secure access to internal web servers for my employees. None of this
>> >is stuff that I make any money off of directly- ie. I'm not trying to
>> >sell anything with SSL or RSA in it
>>
>> If this is the case (ie, it's not part of a product or service you sell),
>> why not just use RSARef? You can't get it from RSADSI any more, but you
can
>> still get it, and the license would appear to permit this.
>
>[disclaimer, I'm not a lawyer]
>
>My understanding of the RSAref license does not support this. My
>understanding is that if I'm a corporate entity, I must license the
>RSA algorithm directly or indirectly from RSA Security. RSA also
>supported this conclusion in my phone conversations with them. The
>problem revolves around the fact that they see my use of RSA as
>enabler in my efforts to make money. Hence I'm making money
>indirectly from RSA and they want a (big) cut of that profit>
Hey, I'm not a lawyer either, but that sounds like a load to me; from the
RSAREF 2.0 license:
b. The Program may not be used directly for revenue-generating
purposes. You may not:
(i) use the Program to provide services to others for which
you are compensated in any manner;
(ii) license or otherwise distribute any Application Program
in any manner that generates income to you, including
without limitation any income on account of license
fees, royalties, maintenance fees and upgrade fees; and
(iii) license or otherwise distribute any Application
Program without the express written acknowledgment of
the end user that the Program will not be used in
connection with any revenue-generating activity of the
end user.
Nothing in this paragraph prohibits you from using the
Program or any Application Program solely for internal
purposes on the premises of a business which is engaged in
revenue-generating activities.
That seems to straightforwardly contradict what the RSADSI rep told you.
RSADSI seem to have a propensity for casting information in a decidedly
pro-RSADSI light. Kind of like the way they convinced the IETF that the
licensing for RSA would always be "affordable and non-discriminatory."
Anyway, take that for whatever it's worth.
Dave Neuer
BTW, I got the license as well as the rest of the RSADSI package from
ftp://ftp.replay.com/pub/crypto/crypto/LIBS/rsa/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
