Re: Some Questions !

Thu, 16 Mar 2000 16:06:23 -0800 

On 16 Mar 2000, Praveen Koppula wrote:

> One of our products use SSLeay for the secuity purposes. The product
> was originally developed from outside of USA initailly and is being
> enhanced further in USA. (RSA has patent rights within USA)

OpenSSL and SSLeay are related closely enough to make the situation
confusing.  SSLeay split into a commercial version, and an open source
version that is called OpenSSL.  My comments refer to OpenSSL, or SSLeay
prior to it becoming an RSA subsidiary.

> 1> Does SSLeay use the RSA Algorithms and is it a problem if this
> product with SSLeay is shipped outside 
> from USA. I mean , does we need to pay any fee to RSA.

By default, yes, though you can compile it without encumbered algorithms.
Doing so sacrifices compatibility with other SSL-enabled products,
however.

To further complicate matters, until the patent expires, you are forced to
use RSARef to use RSA algorithms, unless you license the algorithms from
RSA directly.  You can do this without licensing fees if certain
conditions are met, though you'll find much disagreement on the meaning of
those conditions.  My iterpretation (a casual one, I took a semester of
business law, but it was purely an introduction for non-lawyers) is that
you can use it provided you're not selling any product or service based on
it.  You can't sell the service of hosting secure web sites, but you could
host a secure intranet server (running an e-commerce site for yourself or
your company is gray enough I'd say no).

> 2> If the answer is yes to the above question, Will it be a problem if
> the product is shipped from outside of 
> USA ? 

If it's a commercial product, then yes, it will still be a problem.

> 3> When is the RSA Patent expires in USA ?

September 20th of this year, I believe.

> 4> Does OpenSSL too use the RSA patentened algorithms ?

As I mentioned above, the freely available source code will have issues.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to