At 05:10 AM 3/9/00 , you wrote:
> Wow. I'm at a loss here. Does anyone know of any
>way that my (tiny) company can legally use SSL for
>commercial purposes in the US without paying an obscene
>amount of money to RSA or buying an obscenely expensive
>web server system from a vendor?
Yes. It's called OpenSSL. Export regulations were relaxed this January, .. and while
there are many issues to be resolved, it essentially means that WE can IMPORT anything
in the public domain without a problem.
> We were going to use
>an Apache web server with its OpenSSL interface, but
>the Apache documentation indicates that this is not allowed
>for commercial purposes in the US. Any help you can give
>would be appreciated.
Commercial use as defined by the Feds is *SELLING* the software. Using it for YOUR
website is not commercial use. Some have argued the point, but who cares? As a small
company, we can download OpenSSL, OpenBSD (my next project), SSH, and on and on as
long as we grab international versions. Nobody cares what we do, as long as WE do not
EXPORT crypto software.
Now before all of the experts chime in, realize that I am just speaking from the
'small fry' viewpoint <g>! It will take years before the regs work their way through
the courts and are interpreted, .. but at this point there is nobody saying that you
cannot use OpenSSL or any of it's related works.
The restrictions occur when US companies export encryption, .. but as long as we use
international code there are no restrictions.
Lee
============================================
Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
Network/Internet Consultants www.omnitec.net
============================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
