Jim Huber <[EMAIL PROTECTED]> wrote:
> Below is my summation of the jist of the legal-speak that is
>being sent to RSA.....
> Would love to provide people with exact copies of it but then
>hey, your lawyers wouldn't make anything....--) You are on your
>own to find and pay a patent/copyright lawyer to draw up your
>papers.....
>
> So, if RSA gave that license (and they did) to the US governemnt,
>for use in a public-funded project, in which they knowingly agreed
>that the code would be freely given away (as required by US law for
>public-funded software-development), and the US goivernment license
>plainly states I can use this "software" freely for commercial use
>in it entirety or in any part, (and this is what happened), then
>since I obtained my copy of the "license" from the US government
>FORTEZZA project....RSA can NOT enforce any claims.
I'm a little confused about how you obtained RSApkc or RSAREF
through the NSA's Fortezza project (which I thought was
KEA_DSS_Skipjack-based) but perhaps I can offer a few pertinent footnotes on
your comments:
The US government -- because it had given Ron Rivest a stipend to do
research on algorithms (not PKC;-) at the time when he, Len Adleman, and Adi
Shamir, all junior instructors at MIT, invented RSApkc -- has always had
free and unrestricted access to (and a right to implement and use,
royalty-free ) the RSApkc cryptosystem. No one at RSADSI ever had to give
any US government agency a license to use RSApkc in a federal project.
> It also means anyone who obtained RSAREF-2.0 from RSA which
>included a license that allowed "shareware" as well as unrestricted
>not-for-profit use is free to use it. That includes ALL the pieces
>contained in that library (IE MD5 as well) without further license.
Again, AFAIK, Rivest has always made his MD5 hash (and earlier, MD2
and MD4) freely available for unrestricted use by designers, programmers,
and implementors. The RFCs have been there for years, and the code is in
wide circulation.
> It also means if "said" included license states I can use it in
>a "for-profit" situation by signing the "commercial" license
>(which is/was free at the time) then since said license did NOT
>reserve the right of RSA to withdraw or terminate the license they
>granted me when they supplied me RSAREF-2.0 they MUST honor it
>under penality of law. Including civil damages.....for lost revenue
>etc. if they try to stop your use of it.
I'm not a lawyer either, and far be it for me to hold up your plans
for galactic conquest. (I have also been a consultant to RSADSI's parent
firm, Security Dynamics, for many years. So my personal opinions are not
only legally naive, but should also be considered suspect.) In other words,
your lawyer can talk to RSA's lawyer about whether RSAS can be forced to
make REFREF available to you; upon what terms, if any; and what the various
clauses in the RSAREF license actually mean. That's all Greek to me.
(Fyi, Tom Dunigan of ORNL has the RSAREF-2.0 agreement and license
online at: <http://www.epm.ornl.gov/~dunigan/rsaref.txt>)
I've always understood, however, that the hook in the bare-bones
RSAREF license was in the section 4, where the terms of the license channel
and enforce the licensee's potential interaction with the RSAREF library to
nothing more than the published interface: the procedures and data types
listed in the files "global.h" and "rsaref.h"
Some things you can do, and some things you can't. (RSAREF was,
after all, expressly labelled as a "free, educational reference
implementation," an academic proof-of-concept implementation -- and the
limitations upon its use were intended to be real. Again, your lawyers and
their lawyers, etc., etc.)
I've always understood that SSL, for instance, is one of the things
you can't do -- using the RSAREF-2.0 published interface under the rather
blunt restrictions outlined in the basic license.
I might be wrong, of course, but that is something a software
development manager can probably judge that better than the typical
corporate attorney, or even the standard patent lawyer. It will give you
something to discuss with your attorney when you do lunch to plan the grand
assault on Rivest et al.
Suerte,
_Vin
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
